CVE-2026-46098
Published: May 27, 2026· Updated: Jun 1, 2026
Official Description
In the Linux kernel, the following vulnerability has been resolved:
net: caif: clear client service pointer on teardown
`caif_connect()` can tear down an existing client after remote shutdown by
calling `caif_disconnect_client()` followed by `caif_free_client()`.
`caif_free_client()` releases the service layer referenced by
`adap_layer->dn`, but leaves that pointer stale.
When the socket is later destroyed, `caif_sock_destructor()` calls
`caif_free_client()` again and dereferences the freed service pointer.
Clear the client/service links before releasing the service object so
repeated teardown becomes harmless.
Technical Analysis
CVE-2026-46098 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
Affected Vendors & Products
Exploit & PoC Resources
All References (8)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-46098 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts