CVE-2026-43426

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: renesas_usbhs: fix use-after-free in ISR during device removal<br /> <br /> In usbhs_remove(), the driver frees resources (including the pipe array)<br /> while the interrupt handler (usbhs_interrupt) is still registered. If an<br /> interrupt fires after usbhs_pipe_remove() but before the driver is fully<br /> unbound, the ISR may access freed memory, causing a use-after-free.<br /> <br /> Fix this by calling devm_free_irq() before freeing resources. This ensures<br /> the interrupt handler is both disabled and synchronized (waits for any<br /> running ISR to complete) before usbhs_pipe_remove() is called.