CVE-2026-23104

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's ice driver related to HWMON sysfs attribute handling. A call trace can occur when a devlink reload is used to reinitialize the device, followed by driver removal. This happens because the ice hwmon exit() function is called from ice remove(), leaving an orphaned hwmon instance with a dangling pointer. This issue repeats approximately every 10 minutes when system monitoring tools attempt to read the orphaned sysfs attributes referencing freed module memory. The sequence involves driver loading, a devlink reload down (without calling ice remove()), a devlink reload up (resulting in a second instance), and finally driver unloading.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.