Description
In the Linux kernel, the following vulnerability has been resolved:

gpio: cdev: Avoid NULL dereference in linehandle_create()

In linehandle_create(), there is a statement like this:
retain_and_null_ptr(lh);

Soon after, there is a debug printout that dereferences "lh", which
will crash things.

Avoid the crash by using handlereq.lines, which is the same value.
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The kernel contains a NULL dereference in the function linehandle_create within the GPIO character device subsystem. After a retain_and_null_ptr call, a debug printout dereferences the lh pointer, causing a crash. This results in a loss of kernel stability and a denial of service. The weakness is a classic NULL pointer dereference flaw.

Affected Systems

All Linux kernel implementations are affected until a fix is applied. The patch is included in newer kernel releases that incorporate the commits referenced in the vulnerability advisory.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability is not listed in CISA KEV, so the probability of exploitation is very low. The CVSS score is 5.5, indicating a moderate severity. However, the bug can be triggered by code that invokes linehandle_create, and based on the description, it is inferred that an attacker with the ability to execute kernel‑level or privileged code could trigger an immediate system crash. The impact is total loss of availability for the infected host.

Generated by OpenCVE AI on June 9, 2026 at 23:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the commit fixes for this issueIf building the kernel manually, apply the changes from the provided git commits to the source tree.
  • Reboot the system after the update to load the patched kernel.
  • If a distribution kernel update is not available, patch the kernel source manually with the provided commits and rebuild to apply the fix.

Generated by OpenCVE AI on June 9, 2026 at 23:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References

Wed, 03 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: retain_and_null_ptr(lh); Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the crash by using handlereq.lines, which is the same value.
Title gpio: cdev: Avoid NULL dereference in linehandle_create()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:49:55.372Z

Reserved: 2026-05-13T15:03:33.108Z

Link: CVE-2026-46258

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-06-03T18:16:26.860

Modified: 2026-06-09T20:09:58.150

Link: CVE-2026-46258

cve-icon Redhat

Severity :

Publid Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46258 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:15:16Z

Weaknesses