CVE-2026-45877
Published: May 27, 2026
Modified: May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients During a warm reset flow, the cl->device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl->device->reference_count without a NULL check leads to a kernel panic. This issue was identified during multi-unit warm reboot stress clycles. Add a defensive NULL check for cl->device to ensure stability under such intensive testing conditions. KASAN: null-ptr-deref in range [0000000000000000-0000000000000007] Workqueue: ish_fw_update_wq fw_reset_work_fn Call Trace: ishtp_bus_remove_all_clients+0xbe/0x130 [intel_ishtp] ishtp_reset_handler+0x85/0x1a0 [intel_ishtp] fw_reset_work_fn+0x8a/0xc0 [intel_ish_ipc]
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 3703f53b99e4a7c373ce3568dd3f91f175ebb626 - < 0b605e8ce60698c27a26f512968a597fd620d2e8affected 3703f53b99e4a7c373ce3568dd3f91f175ebb626 - < feb4bcfd405282de60aba321f13a1272b30c5af4affected 3703f53b99e4a7c373ce3568dd3f91f175ebb626 - < 272dac57caa981718e7188c80c703e7bb1998054affected 3703f53b99e4a7c373ce3568dd3f91f175ebb626 - < 56f7db581ee73af53cd512e00a6261a025bf1d58 |
Linux | Linux | affected 4.9unaffected 0 - < 4.9unaffected 6.12.75 - <= 6.12.*unaffected 6.18.14 - <= 6.18.*unaffected 6.19.4 - <= 6.19.*+1 more versions |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now