FKIE_CVE-2026-46073

Vulnerability from fkie_nvd - Published: 2026-05-27 14:17 - Updated: 2026-05-27 14:48
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt wait_for_completion_interruptible_timeout() returns -ERESTARTSYS when interrupted. This needs to abort the URB and return an error. No data has been received from the device so any reads from the transfer buffer are invalid. The original code tests !ret, which only catches the timeout case (0). On signal delivery (-ERESTARTSYS), !ret is false so the function skips usb_kill_urb() and falls through to read from the unfilled transfer buffer. Fix by capturing the return value into a long (matching the function return type) and handling signal (negative) and timeout (zero) cases with separate checks that both call usb_kill_urb() before returning.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8b51277eec433d4e724b273a5a5c64e8acfbe405
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b66437cb20a2d9ef201f40b675569f8ea7787c9f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b6cb07f02253bdefd2339e57eaa1428a7b28cd0f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d64458784036f5818e22781254b6be299d52a19c
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt\n\nwait_for_completion_interruptible_timeout() returns -ERESTARTSYS when\ninterrupted. This needs to abort the URB and return an error. No data\nhas been received from the device so any reads from the transfer\nbuffer are invalid.\n\nThe original code tests !ret, which only catches the timeout case (0).\nOn signal delivery (-ERESTARTSYS), !ret is false so the function skips\nusb_kill_urb() and falls through to read from the unfilled transfer\nbuffer.\n\nFix by capturing the return value into a long (matching the function\nreturn type) and handling signal (negative) and timeout (zero) cases\nwith separate checks that both call usb_kill_urb() before returning."
    }
  ],
  "id": "CVE-2026-46073",
  "lastModified": "2026-05-27T14:48:03.013",
  "metrics": {},
  "published": "2026-05-27T14:17:28.607",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8b51277eec433d4e724b273a5a5c64e8acfbe405"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b66437cb20a2d9ef201f40b675569f8ea7787c9f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b6cb07f02253bdefd2339e57eaa1428a7b28cd0f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d64458784036f5818e22781254b6be299d52a19c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.