CVE-2026-46109
MEDIUMusb: ulpi: fix memory leak on ulpi_register() error paths
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: fix memory leak on ulpi_register() error paths Commit 01af542392b5 ("usb: ulpi: fix double free in ulpi_register_interface() error path") removed kfree(ulpi) from ulpi_register_interface() to fix a double-free when device_register() fails. But when ulpi_of_register() or ulpi_read_id() fail before device_register() is called, the ulpi allocation is leaked. Add kfree(ulpi) on both error paths to properly clean up the allocation.
References (8)
Core 8
Core References
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
2.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (43)
linux/Kernel
< 5.10.258linux
linux/Kernel
5.11.0 - 5.15.209linux
linux/Kernel
5.16.0 - 6.1.175linux
linux/Kernel
6.13.0 - 6.18.30linux
linux/Kernel
6.19.0 - 7.0.7linux
linux/Kernel
6.2.0 - 6.6.140linux
linux/Kernel
6.7.0 - 6.12.88linux
Linux/Linux
< 7.0
Linux/Linux
01af542392b5d41fd659d487015a71f627accce3 - 0b9fcab1b8608d429e5f239afb197de928d4de7d
Linux/Linux
01af542392b5d41fd659d487015a71f627accce3 - f30ccfc2985590b33a23a3d8bed7ca16c0af551b
... and 33 more
Published
May 28, 2026
Tracked Since
May 28, 2026