CVE-2026-46134
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to the lack of mutex initialization in Thunderbolt registration. Improper mutex management leads to a NULL dereference, potentially causing system crashes.
Risk Assessment
The lack of mutex initialization can lead to serious stability issues, threatening the continuity of services within the organization.
Recommendation
It is recommended to update the Linux kernel to ensure proper mutex initialization in the cros_typec_register_thunderbolt() function.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration cros_typec_register_thunderbolt() missed initializing the `adata->lock` mutex. This leads to a NULL dereference when the mutex is later acquired (e.g. in cros_typec_altmode_work()). Initialize the mutex in cros_typec_register_thunderbolt() to fix the issue.

