CVE-2026-52971
Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: ena: PHC: Fix potential use-after-free in get_timestamp

Move the phc->active check and resp pointer assignment to after acquiring the spinlock.

Previously, phc->active was checked without holding the lock, and resp was cached from ena_dev->phc.virt_addr before the lock was acquired. If ena_com_phc_destroy() runs between the lockless active check and the lock acquisition, it sets active=false, releases the lock, frees the DMA memory, and sets virt_addr=NULL. The get_timestamp path would then read a NULL virt_addr and dereference it.

With both the active check and the pointer read under the lock, destroy cannot free the memory while get_timestamp is using it.
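The ordering problem described above, as an added userspace model (not the ena driver's code and not part of the original record). All struct and function names are hypothetical, a pthread mutex stands in for the kernel spinlock, and a hook runs the teardown deterministically inside the race window. The pre-fix variant reports the stale pointer instead of dereferencing it.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace model; every name here is hypothetical, not the driver's. */
struct phc_model {
    pthread_mutex_t lock;
    int active;
    uint64_t *virt_addr;               /* stands in for the DMA response buffer */
};

/* Hook that plays the part of a concurrent teardown (constructed for the model). */
static void (*race_window)(struct phc_model *);

static void phc_init(struct phc_model *p, uint64_t ts) {
    pthread_mutex_init(&p->lock, NULL);
    p->virt_addr = malloc(sizeof(*p->virt_addr));
    *p->virt_addr = ts;
    p->active = 1;
}

/* Teardown order from the description: clear active under the lock, then free. */
static void phc_destroy(struct phc_model *p) {
    pthread_mutex_lock(&p->lock);
    p->active = 0;
    pthread_mutex_unlock(&p->lock);
    free(p->virt_addr);
    p->virt_addr = NULL;
}

/* Pre-fix ordering: active check and pointer read happen before the lock.
 * Returns -1 if inactive, -2 if the buffer behind resp was freed, 0 on success. */
static int get_timestamp_racy(struct phc_model *p, uint64_t *out) {
    if (!p->active) return -1;
    uint64_t *resp = p->virt_addr;     /* cached without the lock */
    if (race_window) race_window(p);   /* teardown can run here */
    pthread_mutex_lock(&p->lock);
    int rc = p->virt_addr ? 0 : -2;    /* NULL means resp now dangles */
    if (rc == 0) *out = *resp;
    pthread_mutex_unlock(&p->lock);
    return rc;
}

/* Post-fix ordering: both the check and the pointer read are under the lock. */
static int get_timestamp_fixed(struct phc_model *p, uint64_t *out) {
    if (race_window) race_window(p);   /* teardown before the lock is harmless */
    pthread_mutex_lock(&p->lock);
    int rc = p->active ? 0 : -1;
    if (rc == 0) *out = *p->virt_addr;
    pthread_mutex_unlock(&p->lock);
    return rc;
}
```

With the hook set to phc_destroy, the pre-fix function reaches the locked section holding a pointer to freed memory, while the post-fix function sees active == 0 and returns before touching the buffer.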
Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
linux | linux_kernel | *
amazon | ena | *-*
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's ena network driver related to the Precision Hardware Clock (PHC) functionality. The issue is a potential use-after-free bug in the get_timestamp function. Specifically, the code checked if the PHC was active without holding a lock, and then cached a pointer before acquiring a spinlock. If the PHC was destroyed concurrently between these steps, the memory could be freed and the pointer set to NULL, leading to a dereference of a NULL pointer. The fix involved moving the active check and pointer assignment to occur only after acquiring the spinlock, preventing the memory from being freed while it is still in use.

Impact Analysis

This vulnerability can lead to a use-after-free condition in the Linux kernel's network driver, which may cause system instability or crashes due to dereferencing a NULL pointer. Such behavior could potentially be exploited to cause denial of service or other unpredictable kernel behavior, impacting the reliability and availability of systems running vulnerable versions of the Linux kernel.
