HOMEVULNERABILITIESCVE-2026-46202
NONE

CVE-2026-46202

Published: May 28, 2026· Updated: May 28, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.5th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

HID: appletb-kbd: run inactivity autodim from workqueues

The autodim code in hid-appletb-kbd takes backlight_device->ops_lock

via backlight_device_set_brightness() -> mutex_lock() from two

different atomic contexts:

* appletb_inactivity_timer() is a struct timer_list callback, so it

runs in softirq context. Every expiry triggers

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:591

Call Trace:

<IRQ>

__might_resched

__mutex_lock

backlight_device_set_brightness

appletb_inactivity_timer

call_timer_fn

run_timer_softirq

* reset_inactivity_timer() is called from appletb_kbd_hid_event() and

appletb_kbd_inp_event(). On real USB hardware these run in

softirq/IRQ context (URB completion and input-event dispatch).

When the Touch Bar has already been dimmed or turned off, the

reset path calls backlight_device_set_brightness() directly to

restore brightness, producing the same warning.

Both call sites hit the same mutex_lock()-from-atomic bug. Fix them

together by moving the blocking work onto the system workqueue:

* Convert the inactivity timer from struct timer_list to

struct delayed_work; the callback (appletb_inactivity_work) now

runs in process context where mutex_lock() is legal.

* Add a dedicated struct work_struct restore_brightness_work and have

reset_inactivity_timer() schedule it instead of calling

backlight_device_set_brightness() directly.

Cancel both works synchronously during driver tear-down alongside the

existing backlight reference drop.

The semantics are unchanged (same delays, same state transitions on

dim, turn-off and user activity); only the execution context of the

sleeping call changes. The timer field and callback are renamed to

match their new type; reset_inactivity_timer() keeps its name because

it is invoked from input event paths that read naturally as "reset

the inactivity timer".

NVD Source

Technical Analysis

CVE-2026-46202 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-46202
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 28, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46202 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.