NULL pointer dereference in Linux kernel - CVE-2026-45978
Published: May 28, 2026
Vulnerability identifier: #VU132519
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-45978
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in gb_lights_light_config() and the greybus lights cleanup path when handling a failed channels array allocation. A local user can trigger memory allocation failure to cause a denial of service.
How to mitigate CVE-2026-45978
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/01b91cb3e748032fd96bbe0043812b426a52f091
- https://git.kernel.org/stable/c/06162d85f830582da6e9e5fcf9c9504d6da9ae0b
- https://git.kernel.org/stable/c/3cbe694d235d96f628ec7dc6ae4d8bdddb768699
- https://git.kernel.org/stable/c/65f2c608096d766540953d9b170d216aa3b5eb95
- https://git.kernel.org/stable/c/a118724d7641b832fa14323e2733e28ae4834552
- https://git.kernel.org/stable/c/ba5022162da63059bae36c4fd84d7031f582c71f
- https://git.kernel.org/stable/c/da46264a7016034a5bbbad034c012ef218b7d0af
- https://git.kernel.org/stable/c/efcffd9a6ad8d190651498d5eda53bfc7cf683a7