PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46097 Linux CVE debrief

A use-after-free vulnerability in the Linux kernel's EDT FT5x06 touchscreen driver (edt-ft5x06) was resolved. The issue stemmed from a race condition between debugfs teardown and buffer access. Commit 68743c500c6e removed manual debugfs teardown in favor of I2C core handling, but this created a window where debugfs files remained accessible after edt_ft5x06_ts_teardown_debugfs() freed tsdata->raw_buffer. The fix protects raw_buffer freeing with the device mutex and sets raw_buffer to NULL, which the debugfs read function already checks under the same mutex. This vulnerability affects systems using the EDT FT5x06 touchscreen driver with debugfs enabled. The fix has been applied to stable kernel branches.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Organizations running Linux systems with EDT FT5x06 touchscreen hardware; embedded Linux developers; kernel maintainers; security teams monitoring local privilege escalation vectors through kernel drivers

Technical summary

The edt-ft5x06 touchscreen driver in the Linux kernel contained a use-after-free vulnerability in its debugfs teardown path. When commit 68743c500c6e removed manual debugfs teardown, the I2C core's deferred cleanup allowed debugfs file operations to continue after raw_buffer was freed. The vulnerability is triggered through concurrent debugfs read access during driver removal or error paths. The fix implements proper synchronization: raw_buffer freeing is protected by the device mutex, and the pointer is set to NULL. The existing debugfs read handler already checks for NULL under the same mutex, preventing dereference of freed memory. This is a local vulnerability requiring debugfs access, typically restricted to root or users with specific capabilities.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable branches when available for your distribution
  • Verify that the edt-ft5x06 driver is not loaded on systems where touchscreen functionality is not required
  • Monitor vendor security advisories for kernel updates addressing this vulnerability
  • Review systems that have debugfs mounted, since the vulnerable debugfs files are only reachable there
  • Consider disabling debugfs (debugfs=off kernel parameter) on production systems where it is not required
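The three conditions the actions above ask about (driver loaded, debugfs mounted, debugfs=off on the command line) can be checked from /proc. The following is an added example written for this debrief, not a PatchSiren or kernel tool; it works on text buffers so it can be run on saved copies of /proc/mounts, /proc/modules and /proc/cmdline, and the sample inputs in the comments are constructed. The function names and the exposure levels are assumptions. One caveat the example encodes: a driver built into the kernel rather than loaded as a module will not appear in /proc/modules, so a "not loaded" result is only meaningful for modular builds.

```c
/* Added example, not the advisory's or the kernel's code: exposure checks
 * against copies of /proc/mounts, /proc/modules and /proc/cmdline.
 * Function names and exposure levels are assumptions. */
#include <stdio.h>
#include <string.h>

/* Copies the next line of *p (without its newline) into buf and advances
 * *p. Returns 0 when the input is exhausted. */
static int next_line(const char **p, char *buf, size_t n)
{
    const char *s = *p, *e;
    size_t len;

    if (!*s)
        return 0;
    e = strchr(s, '\n');
    len = e ? (size_t)(e - s) : strlen(s);
    if (len >= n)
        len = n - 1;
    memcpy(buf, s, len);
    buf[len] = '\0';
    *p = e ? e + 1 : s + strlen(s);
    return 1;
}

/* /proc/mounts: "<dev> <mountpoint> <fstype> <opts> 0 0" per line.
 * Returns 1 if any entry has fstype "debugfs". */
int debugfs_mounted(const char *mounts)
{
    const char *p = mounts;
    char line[512], dev[64], mnt[256], type[64];

    while (next_line(&p, line, sizeof line))
        if (sscanf(line, "%63s %255s %63s", dev, mnt, type) == 3 &&
            strcmp(type, "debugfs") == 0)
            return 1;
    return 0;
}

/* /proc/modules: each line starts with the module name. Modules use
 * underscores, so the driver appears as "edt_ft5x06". Built-in drivers are
 * not listed here at all. */
int module_loaded(const char *modules, const char *name)
{
    const char *p = modules;
    char line[512], mod[64];

    while (next_line(&p, line, sizeof line))
        if (sscanf(line, "%63s", mod) == 1 && strcmp(mod, name) == 0)
            return 1;
    return 0;
}

/* /proc/cmdline: one line of space-separated tokens; exact token match so
 * "debugfs=on" is not mistaken for "debugfs=off". */
int cmdline_has(const char *cmdline, const char *token)
{
    char line[4096], *tok;

    strncpy(line, cmdline, sizeof line - 1);
    line[sizeof line - 1] = '\0';
    for (tok = strtok(line, " \n"); tok; tok = strtok(NULL, " \n"))
        if (strcmp(tok, token) == 0)
            return 1;
    return 0;
}

enum exposure {
    EXPOSURE_NONE = 0,              /* driver not loaded as a module */
    EXPOSURE_DRIVER_ONLY = 1,       /* driver loaded, debugfs not reachable */
    EXPOSURE_DRIVER_AND_DEBUGFS = 2 /* driver loaded and debugfs mounted */
};

/* The race needs both the driver and a reachable debugfs, so the level is
 * driven by the driver first and the debugfs state second. */
enum exposure assess_exposure(const char *mounts, const char *modules,
                              const char *cmdline)
{
    int driver = module_loaded(modules, "edt_ft5x06");
    int dbg = debugfs_mounted(mounts) && !cmdline_has(cmdline, "debugfs=off");

    if (!driver)
        return EXPOSURE_NONE;
    return dbg ? EXPOSURE_DRIVER_AND_DEBUGFS : EXPOSURE_DRIVER_ONLY;
}

/* Reads a whole small /proc file into buf; returns 1 on success. */
static int read_proc(const char *path, char *buf, size_t n)
{
    FILE *f = fopen(path, "r");
    size_t got;

    if (!f)
        return 0;
    got = fread(buf, 1, n - 1, f);
    buf[got] = '\0';
    fclose(f);
    return 1;
}

int main(void)
{
    static char mounts[65536], modules[65536], cmdline[4096];

    if (!read_proc("/proc/mounts", mounts, sizeof mounts) ||
        !read_proc("/proc/modules", modules, sizeof modules) ||
        !read_proc("/proc/cmdline", cmdline, sizeof cmdline))
        return 1;
    printf("exposure level: %d\n", assess_exposure(mounts, modules, cmdline));
    return 0;
}
```

The exposure level is coarse on purpose: it tells you whether the conditions the defensive actions target are present on a host, not whether the host is patched. The patch state still has to come from the distribution's kernel version and advisory.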

Evidence notes

Vulnerability description confirms use-after-free in debugfs teardown path. Kernel git commits (ref-4, ref-5, ref-6) provide patch verification. No CVSS score assigned by NVD at time of disclosure.

Official resources

2026-05-27