CVE-2026-43447

Summary

In the Linux kernel, the following vulnerability has been resolved:

iavf: fix PTP use-after-free during reset

Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cache PHC time, but failed to stop it during reset or disable.

This creates a race condition where iavf_reset_task() or iavf_disable_vf() free adapter resources (AQ) while the worker is still running. If the worker triggers iavf_queue_ptp_cmd() during teardown, it accesses freed memory/locks, leading to a crash.

Fix this by calling iavf_ptp_release() before tearing down the adapter. This ensures ptp_clock_unregister() synchronously cancels the worker and cleans up the chardev before the backing resources are destroyed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 < 1b034f2429ce6b45ce74dc266175d277acafc5c4affected
LinuxLinux7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 < 90cc8b2add29b57288025b51c70bc647e7cccb12affected
LinuxLinux7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 < efc54fb13d79117a825fef17364315a58682c7ecaffected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.18.19 <= 6.18.*unaffected
LinuxLinux6.19.9 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References