CVE-2026-46292

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/06/2026
Last modified:
08/07/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> pmdomain: core: Fix detach procedure for virtual devices in genpd<br /> <br /> If a device is attached to a PM domain through genpd_dev_pm_attach_by_id(),<br /> genpd calls pm_runtime_enable() for the corresponding virtual device that<br /> it registers. While this avoids boilerplate code in drivers, there is no<br /> corresponding call to pm_runtime_disable() in genpd_dev_pm_detach().<br /> <br /> This means these virtual devices are typically detached from its genpd,<br /> while runtime PM remains enabled for them, which is not how things are<br /> designed to work. In worst cases it may lead to critical errors, like a<br /> NULL pointer dereference bug in genpd_runtime_suspend(), which was recently<br /> reported. For another case, we may end up keeping an unnecessary vote for a<br /> performance state for the device.<br /> <br /> To fix these problems, let&amp;#39;s add this missing call to pm_runtime_disable()<br /> in genpd_dev_pm_detach().

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.18 (including) 5.10.259 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.210 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.176 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.141 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.88 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.30 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.7 (excluding)
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*