7.8
CVE-2026-46285
- EPSS 0.13%
- Veröffentlicht 08.06.2026 15:41:28
- Zuletzt bearbeitet 08.07.2026 21:29:35
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
mtd: docg3: fix use-after-free in docg3_release()
In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release() In docg3_release(), the docg3 pointer is obtained from cascade->floors[0]->priv before the loop that calls doc_release_device() on each floor. doc_release_device() frees the docg3 struct via kfree(docg3) at line 1881. After the loop, docg3->cascade->bch dereferences the already-freed pointer. Fix this by accessing cascade->bch directly, which is equivalent since docg3->cascade points back to the same cascade struct, and is already available as a local variable. This also removes the now-unused docg3 local variable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.8 < 5.10.258
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.209
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.175
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.86
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.27
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.026 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/8408655ec8344511667b61d8257dc59c80ee3391
https://git.kernel.org/stable/c/f5d2ed4ed47d3906e2495a3537a48b127f497a17
https://git.kernel.org/stable/c/2bf706fe7831b319f23a85b9728f961cfed40c3e
https://git.kernel.org/stable/c/d26f8c361f751c188b7ebaf8189aa0258968fd98
https://git.kernel.org/stable/c/16f6588a3b7a2a20d10ad9b766be74c60ba347cc
https://git.kernel.org/stable/c/d89044889ecd11b0c2f86663597246e9bdd25679
https://git.kernel.org/stable/c/d49628d63d4e6bbc8a1621afb88e5fc901611bee
https://git.kernel.org/stable/c/ca19808bc6fac7e29420d8508df569b346b3e339