PT-2026-52329 · Linux · Linux

Published 2026-06-25 · Updated 2026-06-25 · CVE-2026-53234

None

No severity ratings or metrics are available. When they are, we will update the corresponding information on this page.
In the Linux kernel, the following vulnerability has been resolved:
net: ibm: emac: Fix use-after-free during device removal
The driver was using devm_register_netdev() which causes unregister_netdev() to be deferred until the devres cleanup phase, which runs after emac_remove() returns. This creates a use-after-free window where:
  1. emac_remove() is called, which tears down hardware (cancels work, detaches modules, unregisters from MAL)
  2. emac_remove() returns
  3. devres cleanup runs and finally calls unregister_netdev()
During step 3, the network stack might still process packets, triggering emac_irq(), emac_poll(), or other handlers that access now-freed hardware resources (dev->emacp, dev->mal, etc.).
Fix this by replacing devm_register_netdev() with manual register_netdev() and calling unregister_netdev() at the beginning of emac_remove(), before any hardware teardown. This ensures the network device is fully stopped and unregistered before hardware resources are released.
The change is safe because:
  • dev->ndev is assigned very early in probe (before any error paths that could bypass emac_remove)
  • platform_set_drvdata() is only called after successful registration, so emac_remove() only runs for fully registered devices
  • unregister_netdev() is idempotent and safe to call on any registered device
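
The teardown order described above, as an added userspace model in C (not code from the kernel or the emac driver). `struct dev`, `handler()`, `detach()` and the `run_*` helpers are hypothetical names, and the devres list is simplified to an array of callbacks released after the remove callback returns.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, constructed for illustration; not the emac driver's code. */
struct dev {
    bool registered;                 /* netdev still visible to the stack */
    bool hw_alive;                   /* stands in for dev->mal, dev->emacp */
    int stale;                       /* handler runs after hardware release */
    void (*devres[4])(struct dev *); /* simplified devres action list */
    int ndevres;
};

/* Stand-in for emac_irq()/emac_poll(): reachable only while registered. */
static void handler(struct dev *d)
{
    if (d->registered && !d->hw_alive)
        d->stale++;                  /* in the kernel: use-after-free */
}

static void unregister(struct dev *d) { d->registered = false; }

static void remove_old(struct dev *d) { d->hw_alive = false; }
static void remove_fixed(struct dev *d) { unregister(d); d->hw_alive = false; }

/* Order from the description: remove callback first, devres cleanup after. */
static int detach(struct dev *d, void (*remove_fn)(struct dev *))
{
    remove_fn(d);
    handler(d);                      /* traffic after the callback returns */
    while (d->ndevres > 0)
        d->devres[--d->ndevres](d);  /* deferred, devm-managed actions */
    handler(d);
    return d->stale;
}

static int run_devm(void)            /* probe used devm-managed registration */
{
    struct dev d = { .registered = true, .hw_alive = true };
    d.devres[d.ndevres++] = unregister;
    return detach(&d, remove_old);
}

static int run_manual(void)          /* manual registration, remove unregisters */
{
    struct dev d = { .registered = true, .hw_alive = true };
    return detach(&d, remove_fixed);
}

int main(void)
{
    printf("devm: %d stale, manual: %d stale\n", run_devm(), run_manual());
    return 0;
}
```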

Related identifiers

CVE-2026-53234

Affected products

Linux