Skip to main content

Linux Kernel EUVDEUVD-2026-34120

| CVE-2026-46258 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-03 Linux GHSA-xf52-gg4r-hj5f
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 20:27 vuln.today
CVSS changed
Jun 09, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:49 nvd
MEDIUM 5.5
CVE Published
Jun 03, 2026 - 15:49 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

gpio: cdev: Avoid NULL dereference in linehandle_create()

In linehandle_create(), there is a statement like this: retain_and_null_ptr(lh);

Soon after, there is a debug printout that dereferences "lh", which will crash things.

Avoid the crash by using handlereq.lines, which is the same value.

AnalysisAI

NULL pointer dereference in the Linux kernel's GPIO character device subsystem (gpio/cdev) allows a local, low-privileged user to crash the kernel via a denial-of-service. In linehandle_create(), the macro retain_and_null_ptr(lh) sets lh to NULL, but a subsequent debug printout immediately dereferences that same pointer - triggering a kernel panic. No public exploit has been identified at time of analysis, and EPSS indicates very low exploitation probability at 0.02% (5th percentile), consistent with a local-access-only DoS with no code execution or data exposure component.

Technical ContextAI

The vulnerability resides in the Linux kernel's GPIO character device layer (drivers/gpio/gpiolib-cdev.c), specifically in the linehandle_create() function. CPE data (cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) identifies the affected product as the mainline Linux kernel across versions introducing commit da7e394bf58f94e9783379fef7c7fb4411b03208 up to the fix commits. CWE-476 (NULL Pointer Dereference) precisely describes the root cause: the retain_and_null_ptr() macro is a kernel idiom that explicitly nullifies a pointer after transferring ownership or releasing a reference, but the debug log statement immediately following it blindly dereferences lh without a NULL guard. The fix replaces the lh dereference in the debug path with handlereq.lines, which holds the equivalent value and is not nullified. This class of bug is common at ownership-transfer boundaries in kernel subsystems where debug instrumentation is added without accounting for pointer lifetime changes.

RemediationAI

Upgrade to Linux kernel 6.19.4 or Linux 7.0, which incorporate the corrective stable commits available at https://git.kernel.org/stable/c/87b9d7a4cfbed5f42af440372026270af997c766 and https://git.kernel.org/stable/c/6af6be278e3ba2ffb6af5b796c89dfb3f5d9063e respectively. Distribution-specific kernel packages (Debian, Ubuntu, RHEL, etc.) should be monitored for backported fixes to their supported kernel versions. As a compensating control where immediate patching is not feasible, restrict unprivileged access to GPIO character devices by tightening udev rules or filesystem permissions on /dev/gpiochip* nodes (e.g., mode 0600, root-only ownership), which prevents the ioctl path from being reachable by low-privileged users; note this will break any legitimate userspace GPIO applications relying on those devices. Alternatively, if GPIO character device support is not required, unloading or blacklisting the gpiolib-cdev kernel module eliminates the attack surface entirely with no side effects on non-GPIO workloads.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-34120 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy