CVE-2026-43426
usb: renesas_usbhs: fix use-after-free in ISR during device removal
Description

In the Linux kernel, the following vulnerability has been resolved:

usb: renesas_usbhs: fix use-after-free in ISR during device removal

In usbhs_remove(), the driver frees resources (including the pipe array) while the interrupt handler (usbhs_interrupt) is still registered. If an interrupt fires after usbhs_pipe_remove() but before the driver is fully unbound, the ISR may access freed memory, causing a use-after-free.

Fix this by calling devm_free_irq() before freeing resources. This ensures the interrupt handler is both disabled and synchronized (waits for any running ISR to complete) before usbhs_pipe_remove() is called.

INFO

Published Date: May 8, 2026, 3:16 p.m.
Last Modified: May 8, 2026, 3:16 p.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Products

The following products are affected by the CVE-2026-43426 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recorded yet

Solution
Fix use-after-free by disabling IRQ before freeing resources.
  • Disable and synchronize interrupt handler.
  • Free interrupt resources.
  • Free pipe array and other resources.

The following table lists the changes that have been made to the CVE-2026-43426 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 08, 2026

    | Action | Type | Old Value | New Value |
    | Added | Description | | In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: fix use-after-free in ISR during device removal In usbhs_remove(), the driver frees resources (including the pipe array) while the interrupt handler (usbhs_interrupt) is still registered. If an interrupt fires after usbhs_pipe_remove() but before the driver is fully unbound, the ISR may access freed memory, causing a use-after-free. Fix this by calling devm_free_irq() before freeing resources. This ensures the interrupt handler is both disabled and synchronized (waits for any running ISR to complete) before usbhs_pipe_remove() is called. |
    | Added | Reference | | https://git.kernel.org/stable/c/0b7d11fd6e742ecc0b1eca44b4f0b93140c74bae |
    | Added | Reference | | https://git.kernel.org/stable/c/1899edac312ef17a7234851686e8a703f56d0a84 |
    | Added | Reference | | https://git.kernel.org/stable/c/3cbc242b88c607f55da3d0d0d336b49bf1e20412 |
    | Added | Reference | | https://git.kernel.org/stable/c/51afaf919bbaacdd9cc9e146033ae0a743a42dd7 |
    | Added | Reference | | https://git.kernel.org/stable/c/6287e0c01ccb818e7214f88d885ffb7c9e81b0e0 |
    | Added | Reference | | https://git.kernel.org/stable/c/6ffe44f022c95b1b29c691d2169c5abc046f7580 |
    | Added | Reference | | https://git.kernel.org/stable/c/9c6159d5b72d5fc265cce5da04f27d730b552e69 |
    | Added | Reference | | https://git.kernel.org/stable/c/c7012fc73dab4829404fedeeaa8531f12ac8545f |