CVE-2026-43447
Use-After-Free in Linux Kernel iavf Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | iavf | * |
| linux_kernel | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can cause the system to crash due to use-after-free memory access in the iavf driver. Such crashes can lead to denial of service, potentially disrupting network functionality or system stability.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's iavf driver. A commit introduced a worker to periodically cache PHC time but failed to stop this worker during a reset or disable operation. This leads to a race condition where adapter resources are freed while the worker is still running. If the worker triggers a command during teardown, it accesses memory or locks that have already been freed, causing a crash.
The fix involves calling a release function before tearing down the adapter to ensure the worker is synchronously cancelled and resources are properly cleaned up.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by ensuring that the worker caching PHC time is stopped during reset or disable operations.
Specifically, the fix involves calling the function iavf_ptp_release() before tearing down the adapter. This call synchronously cancels the worker and cleans up resources to prevent use-after-free conditions.
Therefore, immediate mitigation steps include updating the Linux kernel to a version containing this fix or applying the patch that calls iavf_ptp_release() during adapter reset or disable.