CVE-2026-43426

Severity: HIGH · CVSS 3.1: 7.8 · EPSS 2.6%
Published May 8, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: renesas_usbhs: fix use-after-free in ISR during device removal

In usbhs_remove(), the driver frees resources (including the pipe array) while the interrupt handler (usbhs_interrupt) is still registered. If an interrupt fires after usbhs_pipe_remove() but before the driver is fully unbound, the ISR may access freed memory, causing a use-after-free.

Fix this by calling devm_free_irq() before freeing resources. This ensures the interrupt handler is both disabled and synchronized (waits for any running ISR to complete) before usbhs_pipe_remove() is called.
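The ordering problem in the description, as an added user-space model in C (not the driver's code and not taken from the patches). All `model_*` names are hypothetical, and a freed array is represented by a NULL pointer so the stale ISR run can be counted instead of crashing. The model is single-threaded, so it shows only the handler-detach ordering, not the wait for an already-running ISR that devm_free_irq() also provides.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only; every name here is hypothetical, not driver code. */
struct model_dev {
    int *pipes;           /* stands in for the driver's pipe array */
    bool irq_registered;  /* handler still attached to the interrupt line */
    int stale_accesses;   /* ISR runs that arrived after the array was freed */
};

/* Models the ISR, which touches the pipe array on every interrupt. */
static void model_isr(struct model_dev *d)
{
    if (!d->pipes) {          /* in the kernel this read hits freed memory */
        d->stale_accesses++;
        return;
    }
    d->pipes[0]++;
}

/* Models the line firing: delivered only while a handler is registered. */
static void model_raise_irq(struct model_dev *d)
{
    if (d->irq_registered)
        model_isr(d);
}

static void model_free_irq(struct model_dev *d) { d->irq_registered = false; }
static void model_pipe_remove(struct model_dev *d) { free(d->pipes); d->pipes = NULL; }

/* One removal, with an interrupt arriving right after the pipes are freed. */
static int model_remove(bool free_irq_first)
{
    struct model_dev d = { calloc(4, sizeof(int)), true, 0 };
    if (!d.pipes)
        return -1;
    if (free_irq_first)
        model_free_irq(&d);   /* fixed order: detach the handler first */
    model_pipe_remove(&d);
    model_raise_irq(&d);      /* the window described in the advisory */
    model_free_irq(&d);       /* old order: handler only detached here, at unbind */
    return d.stale_accesses;
}

int main(void)
{
    printf("old order:   %d stale ISR access(es)\n", model_remove(false));
    printf("fixed order: %d stale ISR access(es)\n", model_remove(true));
    return 0;
}
```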

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 11

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.0 – <5.10.253
linux   linux_kernel  *        ≥5.11 – <5.15.203
linux   linux_kernel  *        ≥5.16 – <6.1.167
linux   linux_kernel  *        ≥6.2 – <6.6.130
linux   linux_kernel  *        ≥6.7 – <6.12.78
linux   linux_kernel  *        ≥6.13 – <6.18.19
linux   linux_kernel  *        ≥6.19 – <6.19.9
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0b7d11fd6e742ecc0b1eca44b4f0b93140c74bae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1899edac312ef17a7234851686e8a703f56d0a84
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3cbc242b88c607f55da3d0d0d336b49bf1e20412
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51afaf919bbaacdd9cc9e146033ae0a743a42dd7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6287e0c01ccb818e7214f88d885ffb7c9e81b0e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6ffe44f022c95b1b29c691d2169c5abc046f7580
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9c6159d5b72d5fc265cce5da04f27d730b552e69
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7012fc73dab4829404fedeeaa8531f12ac8545f
    Patch

Remediation

The remediation patches are the eight git.kernel.org stable commits listed under References.