CVE-2026-46073

NONE EPSS 2.3%
Published May 27, 20261mo ago · Modified Jun 17, 20262w ago
Find Similar
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt wait_for_completion_interruptible_timeout() returns -ERESTARTSYS when interrupted. This needs to abort the URB and return an error. No data has been received from the device so any reads from the transfer buffer are invalid. The original code tests !ret, which only catches the timeout case (0). On signal delivery (-ERESTARTSYS), !ret is false so the function skips usb_kill_urb() and falls through to read from the unfilled transfer buffer. Fix by capturing the return value into a long (matching the function return type) and handling signal (negative) and timeout (zero) cases with separate checks that both call usb_kill_urb() before returning.

Threat Intelligence

EPSS Exploit Probability
2.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 4

  • git.kernel.org https://git.kernel.org/stable/c/8b51277eec433d4e724b273a5a5c64e8acfbe405
  • git.kernel.org https://git.kernel.org/stable/c/b66437cb20a2d9ef201f40b675569f8ea7787c9f
  • git.kernel.org https://git.kernel.org/stable/c/b6cb07f02253bdefd2339e57eaa1428a7b28cd0f
  • git.kernel.org https://git.kernel.org/stable/c/d64458784036f5818e22781254b6be299d52a19c

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.