CVE-2026-45914
Awaiting Analysis - Queue
Race Condition in Linux Kernel IBMPEX Driver

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

Revert "hwmon: (ibmpex) fix use-after-free in high/low store"

This reverts commit 6946c726c3f4c36f0f049e6f97e88c510b15f65d.

Jean Delvare points out that the patch does not completely fix the reported problem, that it in fact introduces a (new) race condition, and that it may actually not be needed in the first place. Various AI reviews agree.

Specific and relevant AI feedback:

"This reordering sets the driver data to NULL before removing the sensor attributes in the loop below.

ibmpex_show_sensor() retrieves this driver data via dev_get_drvdata() but does not check if it is NULL before dereferencing it to access data->sensors[].

If a userspace process reads a sensor file (like temp1_input) while this delete function is running, could it race with the dev_set_drvdata(..., NULL) call here and crash in ibmpex_show_sensor()?

Would it be safer to keep the original order where device_remove_file() is called before clearing the driver data? device_remove_file() should wait for any active sysfs callbacks to complete, which might already prevent the use-after-free this patch intends to fix."

Revert the offending patch. If it can be shown that the originally reported alleged race condition does indeed exist, it can always be re-introduced with a complete fix.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID Description
CWE-UNKNOWN
Executive Summary

This CVE covers the revert of a patch to the Linux kernel's ibmpex hardware monitoring driver. The patch was intended to fix a use-after-free in the high/low store path, but it was reverted because it introduced a new race condition. Specifically, the patch reordered the delete function so that the driver data was set to NULL before the sensor attributes were removed. A userspace process reading a sensor file during that window could reach ibmpex_show_sensor(), which dereferences the driver data without a NULL check, potentially leading to a crash.

The original patch was meant to fix a use-after-free bug, but it was found to be incomplete and possibly unnecessary. The safer order suggested in the review is to call device_remove_file() before clearing the driver data: device_remove_file() should wait for any active sysfs callbacks to complete, which might already prevent the use-after-free condition.
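The ordering question above, as an added userspace model (not kernel code and not taken from the ibmpex driver). It assumes, as the quoted review says, that file removal waits for in-flight callbacks, and it lets each in-flight reader resume as late as possible; `model_dev`, `simulate` and the outcome names are constructed for illustration.

```c
/* Userspace model of the two teardown orders (constructed; not kernel code). */
#include <stdio.h>

struct model_dev {
    const int *drvdata;   /* what dev_get_drvdata() would return */
    int file_present;     /* sysfs attribute still registered */
    int active;           /* show() callbacks in flight */
};
enum outcome { READ_NONE, READ_OK, READ_ENOENT, READ_NULL_DRVDATA };
enum order { REMOVE_FILE_FIRST, CLEAR_DRVDATA_FIRST };

/* In-flight callback reads drvdata; the model reports NULL instead of crashing. */
static enum outcome reader_finish(struct model_dev *d)
{
    d->active--;
    return d->drvdata ? READ_OK : READ_NULL_DRVDATA;
}

/* Assumed behaviour: removal waits for callbacks in flight, then unregisters. */
static enum outcome remove_file(struct model_dev *d, enum outcome r)
{
    while (d->active > 0)
        r = reader_finish(d);
    d->file_present = 0;
    return r;
}

/* enter_at: reader arrives before teardown (0), mid-teardown (1), or after (2). */
enum outcome simulate(enum order o, int enter_at)
{
    static const int sensors[2] = { 42, 17 };   /* constructed readings */
    struct model_dev d = { sensors, 1, 0 };
    enum outcome r = READ_NONE;
    for (int step = 0; step <= 2; step++) {
        if (step == enter_at && d.file_present) d.active++;
        else if (step == enter_at) r = READ_ENOENT;   /* file already gone */
        /* step 0 clears drvdata in the reverted order, step 1 in the original */
        int clear_now = (step == 0) == (o == CLEAR_DRVDATA_FIRST);
        if (step < 2 && clear_now) d.drvdata = NULL;
        else if (step < 2) r = remove_file(&d, r);
    }
    return r;
}

int main(void)
{
    for (int i = 0; i < 6; i++)
        printf("order=%d enter_at=%d outcome=%d\n", i / 3, i % 3, (int)simulate(i / 3, i % 3));
    return 0;
}
```

In the model, clearing the driver data first leaves a reader holding NULL whenever it arrives before the file is removed, while removing the file first yields either a valid read or a failed open.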

Impact Analysis

If triggered, a userspace read of an ibmpex sensor file that races with the delete function could crash in ibmpex_show_sensor() on the NULL driver data. This could lead to system instability or denial of service in environments relying on this hardware monitoring functionality.

Mitigation Strategies

The vulnerability involves a use-after-free and potential race condition in the ibmpex hardware monitoring driver in the Linux kernel.

The immediate mitigation is to ensure that the kernel version you are running has reverted the problematic patch (commit 6946c726c3f4c36f0f049e6f97e88c510b15f65d) as described in the CVE.

If you are maintaining your own kernel or using a distribution kernel, update to a version that includes this revert to avoid the race condition and use-after-free.

If updating immediately is not possible, avoid running userspace processes that read sensor files (such as temp1_input) from the ibmpex driver while the device removal or driver data clearing operations are in progress.

Compliance Impact

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
