{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "3703f53b99e4a7c373ce3568dd3f91f175ebb626"
            },
            {
              "fixed": "0b605e8ce60698c27a26f512968a597fd620d2e8"
            },
            {
              "fixed": "feb4bcfd405282de60aba321f13a1272b30c5af4"
            },
            {
              "fixed": "272dac57caa981718e7188c80c703e7bb1998054"
            },
            {
              "fixed": "56f7db581ee73af53cd512e00a6261a025bf1d58"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.9.0"
            },
            {
              "fixed": "6.12.75"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.14"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45877.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients\n\nDuring a warm reset flow, the cl-\u003edevice pointer may be NULL if the\nreset occurs while clients are still being enumerated. Accessing\ncl-\u003edevice-\u003ereference_count without a NULL check leads to a kernel panic.\n\nThis issue was identified during multi-unit warm reboot stress clycles.\nAdd a defensive NULL check for cl-\u003edevice to ensure stability under\nsuch intensive testing conditions.\n\nKASAN: null-ptr-deref in range [0000000000000000-0000000000000007]\nWorkqueue: ish_fw_update_wq fw_reset_work_fn\n\nCall Trace:\n ishtp_bus_remove_all_clients+0xbe/0x130 [intel_ishtp]\n ishtp_reset_handler+0x85/0x1a0 [intel_ishtp]\n fw_reset_work_fn+0x8a/0xc0 [intel_ish_ipc]",
  "id": "CVE-2026-45877",
  "modified": "2026-07-08T05:38:46.702421607Z",
  "published": "2026-05-27T12:16:46.910Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b605e8ce60698c27a26f512968a597fd620d2e8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/272dac57caa981718e7188c80c703e7bb1998054"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/56f7db581ee73af53cd512e00a6261a025bf1d58"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/feb4bcfd405282de60aba321f13a1272b30c5af4"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45877.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45877"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients"
}