CVE-2026-46098

UNKNOWN 0.0

net: caif: clear client service pointer on teardown

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown `caif_connect()` can tear down an existing client after remote shutdown by calling `caif_disconnect_client()` followed by `caif_free_client()`. `caif_free_client()` releases the service layer referenced by `adap_layer->dn`, but leaves that pointer stale. When the socket is later destroyed, `caif_sock_destructor()` calls `caif_free_client()` again and dereferences the freed service pointer. Clear the client/service links before releasing the service object so repeated teardown becomes harmless.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 27, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

43e3692101086add8719c3b8b50b05c9ac5b14e1 < cffca7a18b8f9de7c3d3013a1f5740c412b2a501 43e3692101086add8719c3b8b50b05c9ac5b14e1 < 7ef97d4675b05a103648bd9244d91dff7d8c08b0 43e3692101086add8719c3b8b50b05c9ac5b14e1 < e16859f3f4426fa349bc5519d582a93d28f5a15d 43e3692101086add8719c3b8b50b05c9ac5b14e1 < 914c6456fcfc21a3d553945dff62fd1621d6155d 43e3692101086add8719c3b8b50b05c9ac5b14e1 < 3ac6db584d9d420267bb8413115707eeec76d9cf 43e3692101086add8719c3b8b50b05c9ac5b14e1 < 63d21a3aa0108b9dde4e99b0d3d5d679ac68c0f9 43e3692101086add8719c3b8b50b05c9ac5b14e1 < a4b191ddc12c55ddb62feb096536f819f384d6f1 43e3692101086add8719c3b8b50b05c9ac5b14e1 < f7cf8ece8cee3c1ee361991470cdb1eb65ab02e8

Linux / Linux

3.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗