CVE-2026-46134

Summary

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration

cros_typec_register_thunderbolt() missed initializing the adata->lock mutex. This leads to a NULL dereference when the mutex is later acquired (e.g. in cros_typec_altmode_work()).

Initialize the mutex in cros_typec_register_thunderbolt() to fix the issue.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3b00be26b16ad72c85624ada08cbae2d2c57b6e9 < 23ae72e8c2f1c1d1da8cbd479320ddcfcc9c7435affected
LinuxLinux3b00be26b16ad72c85624ada08cbae2d2c57b6e9 < 3b13d5883a097f538fccbab1c61c95546d29621faffected
LinuxLinux3b00be26b16ad72c85624ada08cbae2d2c57b6e9 < 525cb7ba6661074c1c5cc3772bccc6afab6791efaffected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux6.18.30 <= 6.18.*unaffected
LinuxLinux7.0.7 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References