CVE Catalog

CVE-2026-46134

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to the lack of mutex initialization in Thunderbolt registration. Improper mutex management leads to a NULL dereference, potentially causing system crashes.

Risk Assessment

The lack of mutex initialization can lead to serious stability issues, threatening the continuity of services within the organization.

Recommendation

It is recommended to update the Linux kernel to ensure proper mutex initialization in the cros_typec_register_thunderbolt() function.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration cros_typec_register_thunderbolt() missed initializing the `adata->lock` mutex. This leads to a NULL dereference when the mutex is later acquired (e.g. in cros_typec_altmode_work()). Initialize the mutex in cros_typec_register_thunderbolt() to fix the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS