CVE-2026-43426
Published: May 8, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: fix use-after-free in ISR during device removal In usbhs_remove(), the driver frees resources (including the pipe array) while the interrupt handler (usbhs_interrupt) is still registered. If an interrupt fires after usbhs_pipe_remove() but before the driver is fully unbound, the ISR may access freed memory, causing a use-after-free. Fix this by calling devm_free_irq() before freeing resources. This ensures the interrupt handler is both disabled and synchronized (waits for any running ISR to complete) before usbhs_pipe_remove() is called.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 - < c7012fc73dab4829404fedeeaa8531f12ac8545faffected f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 - < 51afaf919bbaacdd9cc9e146033ae0a743a42dd7affected f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 - < 1899edac312ef17a7234851686e8a703f56d0a84affected f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 - < 9c6159d5b72d5fc265cce5da04f27d730b552e69affected f1407d5c66240b33d11a7f1a41d55ccf6a9d7647 - < 6287e0c01ccb818e7214f88d885ffb7c9e81b0e0+3 more versions |
Linux | Linux | affected 3.0unaffected 0 - < 3.0unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now