CVE-2026-46308

Source
https://cve.org/CVERecord?id=CVE-2026-46308
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46308.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46308
Downstream
Related
Published
2026-06-08T15:46:36.218Z
Modified
2026-07-10T03:54:06.123775135Z
Summary
pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy()
Details

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: mediatek: fix use-after-free in scpsysgetbusprotectionlegacy()

In scpsysgetbusprotectionlegacy(), offindnodewithproperty() returns a device node with its reference count incremented. The function then calls ofnodeput(node) before checking whether sysconregmaplookupbyphandle() returns an error. If an error occurs, deverrprobe() dereferences the node pointer to print diagnostic information, but the node memory may have already been freed due to the earlier ofnodeput(), leading to a use-after-free vulnerability.

Fix this by moving the ofnodeput() call after the error check, ensuring the node is still valid when accessed in the error path.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46308.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c29345fa5f66bea0790cf2219f57b974d4fc177b
Fixed
cb27e43c0511e9e1ca8818d231656070b11c18cf
Fixed
38d8410021b55d226847b2ac8d189d89fe5a8866
Fixed
ec1fcddb3117d9452210e838fd37389ee61e10e8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46308.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46308.json"