PT-2026-43966 · Linux · Linux
Published: 2026-05-27 · Updated: 2026-05-27 · CVE-2026-46098
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
net: caif: clear client service pointer on teardown

caif_connect() can tear down an existing client after remote shutdown by
calling caif_disconnect_client() followed by caif_free_client().
caif_free_client() releases the service layer referenced by
adap_layer->dn, but leaves that pointer stale.

When the socket is later destroyed, caif_sock_destructor() calls
caif_free_client() again and dereferences the freed service pointer.

Clear the client/service links before releasing the service object so
repeated teardown becomes harmless.
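
The double teardown described above, as an added example that is not the kernel patch or the CAIF code: a userspace C model that runs teardown twice with and without clearing the links first. `struct layer`, `service_release()`, `free_client_stale()`, `free_client_cleared()` and `double_teardown()` are hypothetical names, and a `live` flag stands in for freeing so the stale access can be counted safely.

```c
#include <stddef.h>
/* Userspace model with hypothetical names; not the kernel's CAIF code. */
struct layer { struct layer *up, *dn; int live; /* 0 once released */ };
static int stale_uses, releases; /* dead-service accesses; successful releases */

/* Stand-in for freeing: mark dead so a later access can be counted safely. */
static void service_release(struct layer *svc)
{
    if (!svc->live) { stale_uses++; return; }
    svc->live = 0;
    releases++;
}

/* Before the fix: service released, adap->dn left pointing at it. */
static void free_client_stale(struct layer *adap)
{
    if (adap == NULL || adap->dn == NULL)
        return;
    service_release(adap->dn);
}

/* After the fix: unlink client and service first, then release. */
static void free_client_cleared(struct layer *adap)
{
    struct layer *svc;
    if (adap == NULL || adap->dn == NULL)
        return;
    svc = adap->dn;
    adap->dn = NULL;
    svc->up = NULL;
    service_release(svc);
}

/* Tear down twice (reconnect path, then socket destruction). */
static int double_teardown(void (*free_client)(struct layer *))
{
    struct layer svc = { NULL, NULL, 1 }, adap = { NULL, &svc, 1 };
    svc.up = &adap;
    stale_uses = releases = 0;
    free_client(&adap);
    free_client(&adap);
    return stale_uses;  /* stale uses observed */
}

int main(void)
{
    return !(double_teardown(free_client_stale) == 1 &&
             double_teardown(free_client_cleared) == 0);
}
```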
Related Identifiers
Affected Products
Linux