Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-46098

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/05/2026
Última modificación:
01/06/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: caif: clear client service pointer on teardown<br /> <br /> `caif_connect()` can tear down an existing client after remote shutdown by<br /> calling `caif_disconnect_client()` followed by `caif_free_client()`.<br /> `caif_free_client()` releases the service layer referenced by<br /> `adap_layer-&gt;dn`, but leaves that pointer stale.<br /> <br /> When the socket is later destroyed, `caif_sock_destructor()` calls<br /> `caif_free_client()` again and dereferences the freed service pointer.<br /> <br /> Clear the client/service links before releasing the service object so<br /> repeated teardown becomes harmless.

Impacto