CVE-2026-46285

UNKNOWN 0.0

mtd: docg3: fix use-after-free in docg3_release()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release() In docg3_release(), the docg3 pointer is obtained from cascade->floors[0]->priv before the loop that calls doc_release_device() on each floor. doc_release_device() frees the docg3 struct via kfree(docg3) at line 1881. After the loop, docg3->cascade->bch dereferences the already-freed pointer. Fix this by accessing cascade->bch directly, which is equivalent since docg3->cascade points back to the same cascade struct, and is already available as a local variable. This also removes the now-unused docg3 local variable.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 8, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

c8ae3f744ddca0da164bcacee42d1d4b6fe7027d < 8408655ec8344511667b61d8257dc59c80ee3391 c8ae3f744ddca0da164bcacee42d1d4b6fe7027d < f5d2ed4ed47d3906e2495a3537a48b127f497a17 c8ae3f744ddca0da164bcacee42d1d4b6fe7027d < 2bf706fe7831b319f23a85b9728f961cfed40c3e c8ae3f744ddca0da164bcacee42d1d4b6fe7027d < d26f8c361f751c188b7ebaf8189aa0258968fd98 c8ae3f744ddca0da164bcacee42d1d4b6fe7027d < 16f6588a3b7a2a20d10ad9b766be74c60ba347cc c8ae3f744ddca0da164bcacee42d1d4b6fe7027d < d89044889ecd11b0c2f86663597246e9bdd25679 c8ae3f744ddca0da164bcacee42d1d4b6fe7027d < d49628d63d4e6bbc8a1621afb88e5fc901611bee c8ae3f744ddca0da164bcacee42d1d4b6fe7027d < ca19808bc6fac7e29420d8508df569b346b3e339

Linux / Linux

5.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗