CVE Catalog

CVE-2026-46109

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to a memory leak in the ulpi_register() function. If errors occur in ulpi_of_register() or ulpi_read_id() before device_register() is called, allocated memory is leaked.

Risk Assessment

Organizations may face performance and stability issues due to improper memory management, potentially leading to resource exhaustion.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and prevent memory leaks.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix memory leak on ulpi_register() error paths Commit 01af542392b5 ("usb: ulpi: fix double free in ulpi_register_interface() error path") removed kfree(ulpi) from ulpi_register_interface() to fix a double-free when device_register() fails. But when ulpi_of_register() or ulpi_read_id() fail before device_register() is called, the ulpi allocation is leaked. Add kfree(ulpi) on both error paths to properly clean up the allocation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS