7.8
CVE-2026-43447
- EPSS 0.12%
- Veröffentlicht 08.05.2026 14:22:13
- Zuletzt bearbeitet 21.05.2026 17:02:04
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
iavf: fix PTP use-after-free during reset
In the Linux kernel, the following vulnerability has been resolved:
iavf: fix PTP use-after-free during reset
Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a
worker to cache PHC time, but failed to stop it during reset or disable.
This creates a race condition where `iavf_reset_task()` or
`iavf_disable_vf()` free adapter resources (AQ) while the worker is still
running. If the worker triggers `iavf_queue_ptp_cmd()` during teardown, it
accesses freed memory/locks, leading to a crash.
Fix this by calling `iavf_ptp_release()` before tearing down the adapter.
This ensures `ptp_clock_unregister()` synchronously cancels the worker and
cleans up the chardev before the backing resources are destroyed.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.15 < 6.18.19
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.9
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.025 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/1b034f2429ce6b45ce74dc266175d277acafc5c4
https://git.kernel.org/stable/c/90cc8b2add29b57288025b51c70bc647e7cccb12
https://git.kernel.org/stable/c/efc54fb13d79117a825fef17364315a58682c7ec