PatchSiren cyber security CVE debrief
CVE-2026-46292 Linux CVE debrief
A vulnerability was discovered in the Linux kernel's pmdomain core. The issue arises from a missing call to pm_runtime_disable() in genpd_dev_pm_detach(), which can cause runtime PM to remain enabled for virtual devices after they are detached from their genpd. This can lead to critical errors, such as a NULL pointer dereference bug in genpd_runtime_suspend(), or unnecessary performance state votes for devices.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Linux kernel developers and users who rely on the pmdomain core functionality should be aware of this vulnerability.
Technical summary
The vulnerability is caused by a missing call to pm_runtime_disable() in genpd_dev_pm_detach(). This can lead to issues such as critical errors and unnecessary performance state votes.
Defensive priority
high
Recommended defensive actions
- Apply the patches provided in the kernel.org references to fix the vulnerability.
- Ensure that the Linux kernel is updated to a version that includes the fix.
Evidence notes
The vulnerability was resolved by adding a call to pm_runtime_disable() in genpd_dev_pm_detach().
Official resources
-
CVE-2026-46292 CVE record
CVE.org
-
CVE-2026-46292 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
public