In the Linux kernel, the following vulnerability has been resolved:
pmdomain: mediatek: fix use-after-free in scpsysgetbusprotectionlegacy()
In scpsysgetbusprotectionlegacy(), offindnodewithproperty() returns a device node with its reference count incremented. The function then calls ofnodeput(node) before checking whether sysconregmaplookupbyphandle() returns an error. If an error occurs, deverrprobe() dereferences the node pointer to print diagnostic information, but the node memory may have already been freed due to the earlier ofnodeput(), leading to a use-after-free vulnerability.
Fix this by moving the ofnodeput() call after the error check, ensuring the node is still valid when accessed in the error path.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46308.json",
"cna_assigner": "Linux"
}