CVE-2026-46134

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
28/05/2026
Last modified:
24/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> platform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration<br /> <br /> cros_typec_register_thunderbolt() missed initializing the `adata-&gt;lock`<br /> mutex. This leads to a NULL dereference when the mutex is later<br /> acquired (e.g. in cros_typec_altmode_work()).<br /> <br /> Initialize the mutex in cros_typec_register_thunderbolt() to fix the<br /> issue.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.14 (including) 6.18.30 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.7 (excluding)
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*