USB Driver Vulnerability in Linux Kernel Affecting Device Management
CVE-2026-46228

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46228?

A vulnerability in the USB drivers of the Linux kernel has been identified that affects the proper management of device resources. Specifically, the issue resides in how USB drivers bind to USB interfaces and manage their allocated resources. When a driver is unbound from its associated device without the device being disconnected, it can lead to memory leaks and other resource mismanagement. This situation arises from incorrect lifetime management of the SPI controller and driver data under USB interfaces, particularly during scenarios such as probe deferral or configuration changes. The fix ensures that these resources are properly released upon driver unbinding, thereby enhancing overall system stability and performance.

Affected Version(s)

Linux 8846739f52afa07e63395c80227dc544f54bd7b1 < 4422fc2411cbbdf5104a914e0596bb483faea254

Linux 8846739f52afa07e63395c80227dc544f54bd7b1 < 108a64b27a52f781c4f3751641e3dd65c7dd2fb5

Linux 8846739f52afa07e63395c80227dc544f54bd7b1

References

https://git.kernel.org/stable/c/4422fc2411cbbdf5104a914e0...

https://git.kernel.org/stable/c/108a64b27a52f781c4f375164...

https://git.kernel.org/stable/c/abe572f630bc1f0e77041012a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46228 Data

JSON