7.8

CVE-2026-52971

net: ena: PHC: Fix potential use-after-free in get_timestamp

In the Linux kernel, the following vulnerability has been resolved:

net: ena: PHC: Fix potential use-after-free in get_timestamp

Move the phc->active check and resp pointer assignment to after
acquiring the spinlock. Previously, phc->active was checked without
holding the lock, and resp was cached from ena_dev->phc.virt_addr
before the lock was acquired.

If ena_com_phc_destroy() runs between the lockless active check and
the lock acquisition, it sets active=false, releases the lock, frees
the DMA memory, and sets virt_addr=NULL. The get_timestamp path would
then read a NULL virt_addr and dereference it.

With both the active check and the pointer read under the lock,
destroy cannot free the memory while get_timestamp is using it.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version e0ea34158ee8c4f7536cd781010339ff28c0d24c
Version < 95e8ae9af2a61b4e72f5c585bf4c7d8aaf2a2c98
Status affected
Version e0ea34158ee8c4f7536cd781010339ff28c0d24c
Version < ca9ed40f28949353911dcb524ff8fff2f3409c97
Status affected
Version e0ea34158ee8c4f7536cd781010339ff28c0d24c
Version < e42c755582f0960e684298762f0ab927b3778376
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.17
Status affected
Version 0
Version < 6.17
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.032
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/95e8ae9af2a61b4e72f5c585bf4c7d8aaf2a2c98
https://git.kernel.org/stable/c/ca9ed40f28949353911dcb524ff8fff2f3409c97
https://git.kernel.org/stable/c/e42c755582f0960e684298762f0ab927b3778376