PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46202 Linux CVE debrief

## Summary CVE-2026-46202 is a Linux kernel bug in the `hid-appletb-kbd` driver (Apple Touch Bar keyboard HID support). The driver’s backlight autodim logic called `backlight_device_set_brightness()`—which takes a mutex—from two atomic contexts: a timer-list softirq callback and input-event handlers running in IRQ/softirq context. This triggered “sleeping function called from invalid context” warnings and could lead to system instability. The fix converts the timer to a `delayed_work` and moves the brightness restore to a dedicated `work_struct`, ensuring all blocking operations run in process context. ## Affected Product - **Product:** Linux kernel HID driver `hid-appletb-kbd` (Apple Touch Bar keyboard support) - **Affected versions:** Not explicitly enumerated in source; patches apply to stable kernel branches. - **Fixed versions:** See patch commits in resource links. ## Root Cause The `appletb_inactivity_timer()` timer-list callback and `reset_inactivity_timer()` (invoked from `appletb_kbd_hid_event()` and `appletb_kbd_inp_event()`) both executed `backlight_device_set_brightness()`, which internally calls `mutex_lock()`. Mutex acquisition from softirq/IRQ context violates kernel preemption rules, producing `BUG: sleeping function called from invalid context` warnings. ## Impact - **Availability:** Local denial of service (kernel warnings, potential soft lockups or instability). - **Confidentiality/Integrity:** Not directly impacted. - **Attack vector:** Local; requires physical or emulated input events to trigger the autodim/restore paths. ## Exploitation Status No evidence of active exploitation or weaponized proof-of-concept in supplied sources. ## Patches Upstream stable kernel commits resolve the issue by: 1. Converting `struct timer_list` to `struct delayed_work` (`appletb_inactivity_work`). 2. Adding `struct work_struct restore_brightness_work` for synchronous brightness restoration. 3. Cancelling both works during driver teardown. ## Recommended Actions 1. **Upgrade:** Apply the relevant stable kernel patch (see resource links) or upgrade to a kernel version containing the fix. 2. **Verify:** Confirm `hid-appletb-kbd` is not in `d

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-28
Advisory published
2026-05-28
Advisory updated
2026-05-28

Who should care

Linux system administrators managing Apple MacBook hardware with Touch Bar; kernel maintainers backporting stable patches.

Technical summary

The hid-appletb-kbd driver for Apple Touch Bar keyboards triggered kernel warnings by calling mutex-based backlight functions from softirq/IRQ context. The fix restructures the autodim logic to use process-context workqueues, eliminating the invalid context sleeps without changing functional semantics.

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant stable kernel patch or upgrade to a kernel version containing the fix
  • Verify hid-appletb-kbd is not loaded on systems where Apple Touch Bar support is unnecessary
  • Monitor kernel logs for 'sleeping function called from invalid context' warnings as an indicator of unpatched systems

Evidence notes

Root cause and fix description derived from CVE description and kernel commit references. No CVSS score or severity assigned in source; marked null. Vendor attribution inferred from reference domain (Kernel) with low confidence per source metadata.

Official resources

public