CVE-2026-46075
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability in the Linux kernel related to potential use-after-free (UAF) and memory leak in the removal path for the atmel-sha204a component has been fixed.
Risk Assessment
Organizations may be exposed to attacks exploiting UAF, potentially leading to unauthorized memory access and data leaks.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and to monitor systems for unauthorized activities.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new ->read() calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while the device is being removed. Drop the early return to ensure sysfs entries are removed and ->hwrng.priv is freed, preventing a memory leak.

