CVE-2026-43447

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the iavf driver. A worker introduced to cache PHC (PTP Hardware Clock) time is not stopped during reset or disable operations. This creates a race condition where iavf reset task() or iavf disable vf() free adapter resources while the worker is still active. If the worker calls the iavf queue ptp cmd() function during this teardown process, it accesses freed memory or locks, resulting in a system crash.

Recommendations Call iavf ptp release() before tearing down the adapter to ensure ptp clock unregister() synchronously cancels the worker and cleans up the character device before backing resources are destroyed.