CVE-2026-53297
Received Received - Intake
Double Invocation Guard in Linux Kernel Mana Driver

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL and gd->driver_data = NULL. However, a failed resume callback does not automatically unbind the driver. When the device is eventually unbound, mana_remove() is invoked a second time. Without a NULL check, it dereferences gc->dev with gc == NULL, causing a kernel panic. Add an early return if gdma_context or driver_data is NULL so the second invocation is harmless. Move the dev = gc->dev assignment after the guard so it cannot dereference NULL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-27
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-53297
EUVD
EUVD-2026-39902
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux_kernel linux_kernel *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's mana network driver. When the system resumes from power management (PM) suspend, if the resume process fails (for example, if mana_attach() returns an error), the function mana_probe() calls mana_remove() to tear down the device and clear certain context pointers.

However, because a failed resume callback does not automatically unbind the driver, the device can later be unbound, causing mana_remove() to be called a second time. During this second call, the code attempts to dereference a NULL pointer (gc->dev) because the context pointer gc is NULL, which leads to a kernel panic.

The fix involves adding a check to return early if the context pointers are NULL, preventing the second invocation from causing a crash, and rearranging the code to avoid dereferencing NULL pointers.

Impact Analysis

This vulnerability can cause a kernel panic, which is a critical system crash in the Linux kernel. Such a crash can lead to system instability, unexpected reboots, or downtime.

If exploited or triggered, it could disrupt services running on the affected system, potentially causing data loss or interruption of operations.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the fix has been applied. The fix involves adding a NULL check in the mana_remove function to prevent double invocation and kernel panic.

Specifically, update your system to include the patch that adds an early return if gdma_context or driver_data is NULL, preventing the second invocation from causing a kernel panic.

Until the update is applied, avoid scenarios that trigger PM resume failures or device unbinding that could cause mana_remove to be called twice.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53297. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart