Use-after-free Vulnerability in Linux Kernel's I2C Core Affecting Input Device Drivers
CVE-2026-46097

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-46097?

A vulnerability in the Linux kernel's I2C core, specifically in the edt-ft5x06 input driver, allows a use-after-free condition during the teardown of debugfs directories. The flaw arises when the manual teardown of debugfs is bypassed, which leaves debug files accessible after their associated resources have been freed. The issue can be mitigated by taking the device mutex when freeing the resource and setting the raw_buffer pointer to NULL after freeing. This prevents access through the stale pointer and improves the stability and security of the kernel's input handling.
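The mitigation described above, as an added userspace model. It is not kernel or driver source. The `ts_model` names, the use of a pthread mutex in place of the device mutex, and the `-ENODEV` return for a read after teardown are assumptions made for illustration.

```c
/* Userspace model of the described fix (constructed; not kernel source). */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

struct ts_model {               /* hypothetical stand-in for the driver state */
    pthread_mutex_t mutex;      /* models the device mutex */
    char *raw_buffer;           /* buffer exposed through a debug file */
    size_t raw_len;
};

int ts_model_init(struct ts_model *ts, size_t len)
{
    pthread_mutex_init(&ts->mutex, NULL);
    ts->raw_buffer = calloc(1, len);
    ts->raw_len = ts->raw_buffer ? len : 0;
    return ts->raw_buffer ? 0 : -ENOMEM;
}

/* Debug-file read handler: it can still be reached after teardown has run. */
ssize_t ts_model_debug_read(struct ts_model *ts, char *out, size_t n)
{
    ssize_t ret;

    pthread_mutex_lock(&ts->mutex);
    if (!ts->raw_buffer) {      /* buffer already released: touch no memory */
        ret = -ENODEV;          /* assumed error code for this model */
    } else {
        if (n > ts->raw_len)
            n = ts->raw_len;
        memcpy(out, ts->raw_buffer, n);
        ret = (ssize_t)n;
    }
    pthread_mutex_unlock(&ts->mutex);
    return ret;
}

/* Teardown: free under the same mutex the reader takes, then clear the
 * pointer. A bare free() without the lock and the NULL store would leave
 * the reader above copying from freed memory. */
void ts_model_teardown(struct ts_model *ts)
{
    pthread_mutex_lock(&ts->mutex);
    free(ts->raw_buffer);
    ts->raw_buffer = NULL;
    ts->raw_len = 0;
    pthread_mutex_unlock(&ts->mutex);
}
```

The NULL check is only meaningful because reader and teardown serialize on the same lock; checking the pointer outside the mutex would leave a window between the check and the copy.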

Affected Version(s)

Linux 68743c500c6eafcd0b16dc6067fea5bca0795eef

Linux 68743c500c6eafcd0b16dc6067fea5bca0795eef < 9f6c5e7b747d40e1c65cbfcb975857d25154c075

