CVE-2026-43426

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the renesas usbhs driver. In the usbhs remove() function, the driver releases resources, including the pipe array, while the interrupt handler usbhs interrupt() remains registered. If an interrupt occurs after usbhs pipe remove() is executed but before the driver is completely unbound, the Interrupt Service Routine (ISR)—a specialized function that handles hardware interrupts—may access memory that has already been freed.

Recommendations Call devm free irq() before freeing resources to ensure the interrupt handler is disabled and synchronized before usbhs pipe remove() is called.