PT-2026-43844 · Linux · Linux
Published 2026-05-27 · Updated 2026-05-27 · CVE-2026-45977
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
fbnic: close fw_log race between users and teardown
Fixes a theoretical race on fw_log between the teardown path and fw_log
write functions.
fw_log is written inside fbnic_fw_log_write() and can be reached from
the mailbox handler fbnic_fw_msix_intr(), but fw_log is freed before
IRQ/MBX teardown during cleanup, resulting in a potential data race of
dereferencing a freed/null variable.
Possible Interleaving Scenario:

  CPU0: fbnic_fw_msix_intr() // Entry
          fbnic_fw_log_write()
            if (fbnic_fw_log_ready())   // true
            ... preempt ...

  CPU1: fbnic_remove() // Entry
          fbnic_fw_log_free()
            vfree(log->data_start);
            log->data_start = NULL;

  CPU0: continues, walks log->entries or writes to log->data_start

The initialization also has an incorrect order problem, as the fw_log
is currently allocated after MBX setup during initialization.
Fix the problems by adjusting the synchronization order to put
initialization in place before the mailbox is enabled, and not cleared
until after the mailbox has been disabled.
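
The ordering rule in the description, as an added example: a userspace model written for this page, not fbnic driver code. It counts the points in a probe/remove sequence where the mailbox handler could run while the log is not allocated. All names (model_dev, check_window, run_lifecycle) are hypothetical, and the model assumes that disabling the mailbox also waits for a handler that is already running.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the ordering only; names are hypothetical, not fbnic's. */
struct model_dev {
    char *log_data;     /* stands in for log->data_start */
    bool  mbx_enabled;  /* the mailbox handler can run only while this is true */
    int   windows;      /* points where the handler could run with no live log */
};

static void log_init(struct model_dev *d)    { d->log_data = calloc(1, 64); }
static void log_free(struct model_dev *d)    { free(d->log_data); d->log_data = NULL; }
static void mbx_enable(struct model_dev *d)  { d->mbx_enabled = true; }
/* Assumption: disabling also waits for any handler that is already running. */
static void mbx_disable(struct model_dev *d) { d->mbx_enabled = false; }

/* Called after every lifecycle step: could an interrupt arriving now reach a
 * log that is not allocated? If so, a handler that passed its ready check
 * just before the free would go on to use freed memory. */
static void check_window(struct model_dev *d)
{
    if (d->mbx_enabled && !d->log_data)
        d->windows++;
}

typedef void (*step_fn)(struct model_dev *);

/* Run a probe/remove sequence and count the unsafe windows between steps. */
static int run_lifecycle(const step_fn *steps, size_t n)
{
    struct model_dev d = {0};
    for (size_t i = 0; i < n; i++) {
        steps[i](&d);
        check_window(&d);
    }
    free(d.log_data);   /* no-op when the sequence already freed the log */
    return d.windows;
}

/* Order described as the problem: log allocated after MBX setup, freed before MBX teardown. */
static const step_fn racy_order[]  = { mbx_enable, log_init, log_free, mbx_disable };
/* Order described as the fix: log in place before enable, cleared after disable. */
static const step_fn fixed_order[] = { log_init, mbx_enable, mbx_disable, log_free };

int count_racy(void)  { return run_lifecycle(racy_order, 4); }
int count_fixed(void) { return run_lifecycle(fixed_order, 4); }

int main(void) { printf("racy=%d fixed=%d\n", count_racy(), count_fixed()); return 0; }
```

The racy sequence has one window on the init side and one on the teardown side; the reordered sequence has none.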
Affected Products
Linux