CVE-2026-46075
Published May 27, 2026
Modified May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
Unregister the hwrng to prevent new ->read() calls and flush the Atmel I2C workqueue before teardown to prevent a potential UAF if a queued callback runs while the device is being removed.
Drop the early return to ensure sysfs entries are removed and ->hwrng.priv is freed, preventing a memory leak.
References
Other References
https://git.kernel.org/stable/c/1193c12126d39bf986a5a9214827b73707b193ab
https://git.kernel.org/stable/c/31901371ccd16b42d2f167b1018ba9ae8bd5a6c7
https://git.kernel.org/stable/c/775c00d87c385b758da9504cf053acea00e2ed40
https://git.kernel.org/stable/c/bab1adf3b87e4bfac92c4f5963c63db434d561c1
https://git.kernel.org/stable/c/c5a45d14234bf26e28a89e3a5dcc08336595cf11
Frequently Asked Questions
What is CVE-2026-46075?
In the Linux kernel, the following vulnerability has been resolved:
crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
Unregister the hwrng to prevent new ->read() calls and flush the Atmel
I2C workqueue before teardown to prevent a potential UAF if a queued
callback runs while the device is being removed.
Drop the early return to ensure sysfs entries are removed and
->hwrng.priv is freed, preventing a memory leak.
How do I check if I'm vulnerable to CVE-2026-46075?
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.