CVE-2026-46098
A flaw was found in the Linux kernel's CAIF network module. When a client is torn down, the caiffreeclient function frees a service pointer but leaves it in a stale state. If the socket is later destroyed, caiffreeclient may be called again, attempting to use the previously freed pointer. This ca...