AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-46202: In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workq

infovulnerability

security

Source: NVD/CVE DatabaseMay 28, 2026CVE-2026-46202

Summary

A bug in the Linux kernel's Apple keyboard driver caused the system to crash when trying to lock a mutex (a synchronization tool that prevents simultaneous access to shared resources) from unsafe contexts like interrupt handlers. The driver was trying to dim the keyboard backlight from both a timer callback and event handlers, which run in atomic context (where blocking operations aren't allowed), triggering a "sleeping function called from invalid context" error.

Solution / Mitigation

The fix converts the inactivity timer from a struct timer_list to a struct delayed_work (a mechanism that schedules code to run safely in process context), and adds a dedicated struct work_struct restore_brightness_work. This allows backlight_device_set_brightness() calls to happen in process context where mutex_lock() is legal. Both works are cancelled synchronously during driver tear-down.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

May 28, 2026

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46202

First tracked: May 28, 2026 at 08:08 AM

Classified by LLM (prompt v3) · confidence: 95%