High severity7.8NVD Advisory· Published May 8, 2026· Updated May 21, 2026
CVE-2026-43447
CVE-2026-43447
Description
In the Linux kernel, the following vulnerability has been resolved:
iavf: fix PTP use-after-free during reset
Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cache PHC time, but failed to stop it during reset or disable.
This creates a race condition where iavf_reset_task() or iavf_disable_vf() free adapter resources (AQ) while the worker is still running. If the worker triggers iavf_queue_ptp_cmd() during teardown, it accesses freed memory/locks, leading to a crash.
Fix this by calling iavf_ptp_release() before tearing down the adapter. This ensures ptp_clock_unregister() synchronously cancels the worker and cleans up the chardev before the backing resources are destroyed.
Affected products
7Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.