Copyright © 2012 Red Hat, Inc. All rights reserved. Low 2026-05-27T00:00:00 kernel: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-476

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients During a warm reset flow, the cl->device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl->device->reference_count without a NULL check leads to a kernel panic. This issue was identified during multi-unit warm reboot stress clycles. Add a defensive NULL check for cl->device to ensure stability under such intensive testing conditions. KASAN: null-ptr-deref in range [0000000000000000-0000000000000007] Workqueue: ish_fw_update_wq fw_reset_work_fn Call Trace: ishtp_bus_remove_all_clients+0xbe/0x130 [intel_ishtp] ishtp_reset_handler+0x85/0x1a0 [intel_ishtp] fw_reset_work_fn+0x8a/0xc0 [intel_ish_ipc]

A flaw was found in the Linux kernel's Intel Integrated Sensor Hub (ISH) HID driver. During a warm reset, a NULL-pointer dereference can occur if clients are still being enumerated. This can lead to a kernel panic, causing the system to become unstable or unavailable, resulting in a Denial of Service (DoS).

Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Fix deferred kernel Red Hat Enterprise Linux 7 Fix deferred kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-45877 https://nvd.nist.gov/vuln/detail/CVE-2026-45877 https://lore.kernel.org/linux-cve-announce/2026052714-CVE-2026-45877-f416@gregkh/T