CVE Catalog

CVE-2026-46075

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability in the Linux kernel related to potential use-after-free (UAF) and memory leak in the removal path for the atmel-sha204a component has been fixed.

Risk Assessment

Organizations may be exposed to attacks exploiting UAF, potentially leading to unauthorized memory access and data leaks.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and to monitor systems for unauthorized activities.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new ->read() calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while the device is being removed. Drop the early return to ensure sysfs entries are removed and ->hwrng.priv is freed, preventing a memory leak.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS