VYPR
High severity7.8NVD Advisory· Published May 8, 2026· Updated May 21, 2026

CVE-2026-43447

CVE-2026-43447

Description

In the Linux kernel, the following vulnerability has been resolved:

iavf: fix PTP use-after-free during reset

Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cache PHC time, but failed to stop it during reset or disable.

This creates a race condition where iavf_reset_task() or iavf_disable_vf() free adapter resources (AQ) while the worker is still running. If the worker triggers iavf_queue_ptp_cmd() during teardown, it accesses freed memory/locks, leading to a crash.

Fix this by calling iavf_ptp_release() before tearing down the adapter. This ensures ptp_clock_unregister() synchronously cancels the worker and cleans up the chardev before the backing resources are destroyed.

Affected products

7
  • Linux/Kernel5 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.15,<6.18.19
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • (no CPE)
  • Linux/iavfllm-fuzzy

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.