Skip to main content

Linux Kernel EUVDEUVD-2026-32761

| CVE-2026-46134 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-2xcf-7w6q-9vxc
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only driver on ChromeOS hardware; low privilege sufficient to trigger workqueue; sole impact is kernel crash with no confidentiality or integrity loss.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 18:08 vuln.today
CVSS changed
Jun 24, 2026 - 18:07 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:31 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration

cros_typec_register_thunderbolt() missed initializing the adata->lock mutex. This leads to a NULL dereference when the mutex is later acquired (e.g. in cros_typec_altmode_work()).

Initialize the mutex in cros_typec_register_thunderbolt() to fix the issue.

AnalysisAI

NULL pointer dereference in the Linux kernel's cros_ec_typec driver crashes the kernel when a Thunderbolt alternate mode operation is processed on affected ChromeOS devices. The flaw originates in cros_typec_register_thunderbolt(), which allocates the adata structure but omits mutex_init(&adata->lock); when cros_typec_altmode_work() later acquires that uninitialized mutex, the kernel dereferences a NULL or garbage pointer and panics. No public exploit code exists and EPSS of 0.02% (4th percentile) reflects the narrow hardware prerequisite and strictly local-only attack surface; the vulnerability is not listed in CISA KEV.

Technical ContextAI

The affected code is the platform/chrome/cros_ec_typec driver, which manages USB Type-C and Thunderbolt alternate mode signaling on ChromeOS devices via the Embedded Controller (EC) interface. CPE data (cpe:2.3:o:linux:linux_kernel:*) spans multiple stable branches, with the flaw introduced at commit 3b00be26b16ad72c85624ada08cbae2d2c57b6e9. CWE-476 (NULL Pointer Dereference) identifies the root cause class: cros_typec_register_thunderbolt() allocates and populates adata but skips the mandatory mutex_init(&adata->lock) call. The mutex object is therefore in an undefined state. When the kernel's workqueue dispatches cros_typec_altmode_work() and attempts to acquire that lock via mutex_lock(), it dereferences the uninitialized pointer, generating a kernel oops or hard panic. The bug is confined to the cros_ec_typec subsystem and has no code-path reachable from non-ChromeOS hardware.

RemediationAI

Upgrade the Linux kernel to a patched release: 6.18.30, 7.0.7, or 7.1-rc3. The three upstream stable-tree fix commits are available at https://git.kernel.org/stable/c/525cb7ba6661074c1c5cc3772bccc6afab6791ef, https://git.kernel.org/stable/c/3b13d5883a097f538fccbab1c61c95546d29621f, and https://git.kernel.org/stable/c/23ae72e8c2f1c1d1da8cbd479320ddcfcc9c7435; distributions that have not yet rebased to these point releases can backport any of these single-commit fixes directly. As an interim compensating control where patching is not immediately feasible, preventing untrusted local users from triggering Thunderbolt device enumeration (e.g., via lockdown mode or restricting physical Thunderbolt port access) reduces the likelihood of accidental or deliberate triggering; note this trades port functionality for stability. Blacklisting the cros_ec_typec module (modprobe -b cros_ec_typec) fully eliminates the attack surface but also disables all USB Type-C alternate mode management on the affected device.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32761 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy