NuytsTech Security

CVE-2026-46109

by ·

In the Linux kernel, the following vulnerability has been resolved:

usb: ulpi: fix memory leak on ulpi_register() error paths

Commit 01af542392b5 (“usb: ulpi: fix double free in
ulpi_register_interface() error path”) removed kfree(ulpi) from
ulpi_register_interface() to fix a double-free when device_register()
fails.

But when ulpi_of_register() or ulpi_read_id() fail before
device_register() is called, the ulpi allocation is leaked.

Add kfree(ulpi) on both error paths to properly clean up the allocation.

More information : https://git.kernel.org/stable/c/0b9fcab1b8608d429e5f239afb197de928d4de7d

Tags: