Skip to main content

Linux Kernel EUVDEUVD-2026-32262

| CVE-2026-45978 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-wq92-r227-xxxp
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

Local-only access, but reliably triggering a specific kcalloc failure path requires deliberate memory pressure, warranting AC:H over the vendor's AC:L.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 02:57 vuln.today
CVSS changed
Jun 16, 2026 - 02:52 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

staging: greybus: lights: avoid NULL deref

gb_lights_light_config() stores channel_count before allocating the channels array. If kcalloc() fails, gb_lights_release() iterates the non-zero count and dereferences light->channels, which is NULL.

Allocate channels first and only then publish channels_count so the cleanup path can't walk a NULL pointer.

AnalysisAI

NULL pointer dereference in the Linux kernel's staging Greybus lights driver (drivers/staging/greybus/lights.c) causes a local denial of service via kernel panic. The flaw affects systems running Greybus-enabled kernels since commit 2870b52b (Linux 4.9 onward), where a low-privileged local user can trigger a kernel crash if kcalloc() fails during lights channel initialization. No public exploit exists and EPSS is 0.02% (7th percentile), reflecting niche hardware dependency; the vulnerability is not listed in CISA KEV.

Technical ContextAI

The Greybus protocol is a staging Linux kernel subsystem used primarily with Project Ara modular hardware and certain embedded/mobile platforms. The affected function gb_lights_light_config() in drivers/staging/greybus/lights.c writes the channel_count field to a struct before calling kcalloc() to allocate the corresponding channels array. CWE-476 (NULL Pointer Dereference) applies: when kcalloc() fails under memory pressure, the published non-zero channel_count causes the cleanup function gb_lights_release() to iterate over the count and dereference light->channels, which remains NULL. The fix reorders operations: allocate the channels array first, then publish channel_count, so the cleanup path only walks a valid pointer. Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* across multiple stable branches from 4.9 through pre-patch 7.0.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel release: 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0. Upstream fix commits are available at https://git.kernel.org/stable/c/01b91cb3e748032fd96bbe0043812b426a52f091 (and sibling commits for other stable branches) for manual backporting if vendor kernels have not yet integrated the fix. As a workaround, administrators on systems that do not require Greybus hardware support can prevent the vulnerable code path from being reached by ensuring the greybus and gb_lights kernel modules are not loaded (modprobe -r gb_lights greybus) and adding them to a module blacklist (/etc/modprobe.d/blacklist.conf). This has no side effects unless Greybus hardware is actively in use. Distribution vendors (Ubuntu, Debian, RHEL, SUSE) should be consulted for backported package updates in their respective support channels.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-32262 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy