Improper resource shutdown or release in Linux kernel - CVE-2026-46255
Published: June 4, 2026
Vulnerability identifier: #VU133335
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46255
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown in fsl_edma_remove() in the fsl-edma driver when removing the driver. A local user can trigger driver removal to cause a denial of service.
The issue results in kernel warnings because clocks are disabled and unprepared after they were already managed by automatic resource cleanup.
How to mitigate CVE-2026-46255
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/533d495f15e4c88ad5246c7f90ae026702e28d75
- https://git.kernel.org/stable/c/666c53e94c1d0bf0bdf14c49505ece9ddbe725bc
- https://git.kernel.org/stable/c/68feac21bd4de7ae4faba05704c404861d991fcf
- https://git.kernel.org/stable/c/b84dba68c4823da452cec99a5d213571a65d06de
- https://git.kernel.org/stable/c/bda244871179543dd3be7d093236cb33b2fb1765