CVE-2026-43015

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: macb: fix clk handling on PCI glue driver removal<br /> <br /> platform_device_unregister() may still want to use the registered clks<br /> during runtime resume callback.<br /> <br /> Note that there is a commit d82d5303c4c5 ("net: macb: fix use after free<br /> on rmmod") that addressed the similar problem of clk vs platform device<br /> unregistration but just moved the bug to another place.<br /> <br /> Save the pointers to clks into local variables for reuse after platform<br /> device is unregistered.<br /> <br /> BUG: KASAN: use-after-free in clk_prepare+0x5a/0x60<br /> Read of size 8 at addr ffff888104f85e00 by task modprobe/597<br /> <br /> CPU: 2 PID: 597 Comm: modprobe Not tainted 6.1.164+ #114<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x8d/0xba<br /> print_report+0x17f/0x496<br /> kasan_report+0xd9/0x180<br /> clk_prepare+0x5a/0x60<br /> macb_runtime_resume+0x13d/0x410 [macb]<br /> pm_generic_runtime_resume+0x97/0xd0<br /> __rpm_callback+0xc8/0x4d0<br /> rpm_callback+0xf6/0x230<br /> rpm_resume+0xeeb/0x1a70<br /> __pm_runtime_resume+0xb4/0x170<br /> bus_remove_device+0x2e3/0x4b0<br /> device_del+0x5b3/0xdc0<br /> platform_device_del+0x4e/0x280<br /> platform_device_unregister+0x11/0x50<br /> pci_device_remove+0xae/0x210<br /> device_remove+0xcb/0x180<br /> device_release_driver_internal+0x529/0x770<br /> driver_detach+0xd4/0x1a0<br /> bus_remove_driver+0x135/0x260<br /> driver_unregister+0x72/0xb0<br /> pci_unregister_driver+0x26/0x220<br /> __do_sys_delete_module+0x32e/0x550<br /> do_syscall_64+0x35/0x80<br /> entry_SYSCALL_64_after_hwframe+0x6e/0xd8<br /> <br /> <br /> Allocated by task 519:<br /> kasan_save_stack+0x2c/0x50<br /> kasan_set_track+0x21/0x30<br /> __kasan_kmalloc+0x8e/0x90<br /> __clk_register+0x458/0x2890<br /> clk_hw_register+0x1a/0x60<br /> __clk_hw_register_fixed_rate+0x255/0x410<br /> clk_register_fixed_rate+0x3c/0xa0<br /> macb_probe+0x1d8/0x42e [macb_pci]<br /> local_pci_probe+0xd7/0x190<br /> pci_device_probe+0x252/0x600<br /> really_probe+0x255/0x7f0<br /> __driver_probe_device+0x1ee/0x330<br /> driver_probe_device+0x4c/0x1f0<br /> __driver_attach+0x1df/0x4e0<br /> bus_for_each_dev+0x15d/0x1f0<br /> bus_add_driver+0x486/0x5e0<br /> driver_register+0x23a/0x3d0<br /> do_one_initcall+0xfd/0x4d0<br /> do_init_module+0x18b/0x5a0<br /> load_module+0x5663/0x7950<br /> __do_sys_finit_module+0x101/0x180<br /> do_syscall_64+0x35/0x80<br /> entry_SYSCALL_64_after_hwframe+0x6e/0xd8<br /> <br /> Freed by task 597:<br /> kasan_save_stack+0x2c/0x50<br /> kasan_set_track+0x21/0x30<br /> kasan_save_free_info+0x2a/0x50<br /> __kasan_slab_free+0x106/0x180<br /> __kmem_cache_free+0xbc/0x320<br /> clk_unregister+0x6de/0x8d0<br /> macb_remove+0x73/0xc0 [macb_pci]<br /> pci_device_remove+0xae/0x210<br /> device_remove+0xcb/0x180<br /> device_release_driver_internal+0x529/0x770<br /> driver_detach+0xd4/0x1a0<br /> bus_remove_driver+0x135/0x260<br /> driver_unregister+0x72/0xb0<br /> pci_unregister_driver+0x26/0x220<br /> __do_sys_delete_module+0x32e/0x550<br /> do_syscall_64+0x35/0x80<br /> entry_SYSCALL_64_after_hwframe+0x6e/0xd8