CVE-2026-43447
Published: May 8, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cache PHC time, but failed to stop it during reset or disable. This creates a race condition where `iavf_reset_task()` or `iavf_disable_vf()` free adapter resources (AQ) while the worker is still running. If the worker triggers `iavf_queue_ptp_cmd()` during teardown, it accesses freed memory/locks, leading to a crash. Fix this by calling `iavf_ptp_release()` before tearing down the adapter. This ensures `ptp_clock_unregister()` synchronously cancels the worker and cleans up the chardev before the backing resources are destroyed.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 - < 1b034f2429ce6b45ce74dc266175d277acafc5c4affected 7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 - < 90cc8b2add29b57288025b51c70bc647e7cccb12affected 7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 - < efc54fb13d79117a825fef17364315a58682c7ec |
Linux | Linux | affected 6.15unaffected 0 - < 6.15unaffected 6.18.19 - <= 6.18.*unaffected 6.19.9 - <= 6.19.*unaffected 7.0 - <= * |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now