CVE-2026-45978
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified and resolved in the Linux kernel. The issue concerns the gb_lights_light_config() function, which stores the channel count before allocating the channels array, potentially leading to a NULL pointer dereference.
Risk Assessment
This vulnerability may lead to system crashes or unexpected application behavior, posing a risk to system stability and security.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper memory allocation.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: staging: greybus: lights: avoid NULL deref gb_lights_light_config() stores channel_count before allocating the channels array. If kcalloc() fails, gb_lights_release() iterates the non-zero count and dereferences light->channels, which is NULL. Allocate channels first and only then publish channels_count so the cleanup path can't walk a NULL pointer.

