{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46073", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.095Z", "datePublished": "2026-05-27T12:58:01.478Z", "dateUpdated": "2026-05-27T12:58:01.478Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:58:01.478Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt\n\nwait_for_completion_interruptible_timeout() returns -ERESTARTSYS when\ninterrupted. This needs to abort the URB and return an error. No data\nhas been received from the device so any reads from the transfer\nbuffer are invalid.\n\nThe original code tests !ret, which only catches the timeout case (0).\nOn signal delivery (-ERESTARTSYS), !ret is false so the function skips\nusb_kill_urb() and falls through to read from the unfilled transfer\nbuffer.\n\nFix by capturing the return value into a long (matching the function\nreturn type) and handling signal (negative) and timeout (zero) cases\nwith separate checks that both call usb_kill_urb() before returning."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwmon/powerz.c"], "versions": [{"version": "4381a36abdf1c5c0323c1c51f869dc000115eb20", "lessThan": "8b51277eec433d4e724b273a5a5c64e8acfbe405", "status": "affected", "versionType": "git"}, {"version": "4381a36abdf1c5c0323c1c51f869dc000115eb20", "lessThan": "b6cb07f02253bdefd2339e57eaa1428a7b28cd0f", "status": "affected", "versionType": "git"}, {"version": "4381a36abdf1c5c0323c1c51f869dc000115eb20", "lessThan": "d64458784036f5818e22781254b6be299d52a19c", "status": "affected", "versionType": "git"}, {"version": "4381a36abdf1c5c0323c1c51f869dc000115eb20", "lessThan": "b66437cb20a2d9ef201f40b675569f8ea7787c9f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwmon/powerz.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8b51277eec433d4e724b273a5a5c64e8acfbe405"}, {"url": "https://git.kernel.org/stable/c/b6cb07f02253bdefd2339e57eaa1428a7b28cd0f"}, {"url": "https://git.kernel.org/stable/c/d64458784036f5818e22781254b6be299d52a19c"}, {"url": "https://git.kernel.org/stable/c/b66437cb20a2d9ef201f40b675569f8ea7787c9f"}], "title": "hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt\n\nwait_for_completion_interruptible_timeout() returns -ERESTARTSYS when\ninterrupted. This needs to abort the URB and return an error. No data\nhas been received from the device so any reads from the transfer\nbuffer are invalid.\n\nThe original code tests !ret, which only catches the timeout case (0).\nOn signal delivery (-ERESTARTSYS), !ret is false so the function skips\nusb_kill_urb() and falls through to read from the unfilled transfer\nbuffer.\n\nFix by capturing the return value into a long (matching the function\nreturn type) and handling signal (negative) and timeout (zero) cases\nwith separate checks that both call usb_kill_urb() before returning."}], "id": "CVE-2026-46073", "lastModified": "2026-05-27T14:48:03.013", "metrics": {}, "published": "2026-05-27T14:17:28.607", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8b51277eec433d4e724b273a5a5c64e8acfbe405"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b66437cb20a2d9ef201f40b675569f8ea7787c9f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b6cb07f02253bdefd2339e57eaa1428a7b28cd0f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d64458784036f5818e22781254b6be299d52a19c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}