CVE Catalog

CVE-2026-45978

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified and resolved in the Linux kernel. The issue concerns the gb_lights_light_config() function, which stores the channel count before allocating the channels array, potentially leading to a NULL pointer dereference.

Risk Assessment

This vulnerability may lead to system crashes or unexpected application behavior, posing a risk to system stability and security.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper memory allocation.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gb_lights_light_config() stores channel_count before allocating the channels array. If kcalloc() fails, gb_lights_release() iterates the non-zero count and dereferences light->channels, which is NULL. Allocate channels first and only then publish channels_count so the cleanup path can't walk a NULL pointer.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS