Instituto Nacional de Ciberseguridad (Spanish National Cybersecurity Institute). INCIBE-CERT section

CVE-2026-45977

CVSS v3.1 severity:
MEDIUM
Type:
Not available / Other type
Publication date:
27/05/2026
Last modified:
16/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

fbnic: close fw_log race between users and teardown

Fixes a theoretical race on fw_log between the teardown path and fw_log write functions.

fw_log is written inside fbnic_fw_log_write() and can be reached from the mailbox handler fbnic_fw_msix_intr(), but fw_log is freed before IRQ/MBX teardown during cleanup, resulting in a potential data race of dereferencing a freed/null variable.

Possible Interleaving Scenario:
  CPU0: fbnic_fw_msix_intr() // Entry
          fbnic_fw_log_write()
            if (fbnic_fw_log_ready()) // true
            ... preempt ...
  CPU1: fbnic_remove() // Entry
          fbnic_fw_log_free()
            vfree(log->data_start);
            log->data_start = NULL;
  CPU0: continues, walks log->entries or writes to log->data_start

The initialization also has an incorrect order problem, as the fw_log is currently allocated after MBX setup during initialization. Fix the problems by adjusting the synchronization order to put initialization in place before the mailbox is enabled, and not cleared until after the mailbox has been disabled.

Vulnerable products and versions

CPE                                             From               To
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.17 (inclusive)   6.18.14 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.19 (inclusive)   6.19.4 (exclusive)
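
A triage check for the ranges listed above, added here as an example (it is not INCIBE or kernel project code): it compares a kernel release string against the two affected ranges. The function names are hypothetical. It assumes the upstream version number is meaningful for the host, so a distribution kernel with backported fixes can be patched while still reporting a version inside a range, and the issue only concerns systems that use the fbnic driver.

```sh
#!/bin/sh
# Added example (not INCIBE or kernel project code): is a kernel release
# inside the version ranges this advisory lists for CVE-2026-45977?

# Turn "6.18.13-generic" into a comparable integer (major, minor, patch).
ver_key() {
    v=${1%%[!0-9.]*}              # drop "-generic", "-rc3", "+" and similar suffixes
    case $v in
        [0-9]*.[0-9]*) ;;         # need at least major.minor
        *) return 1 ;;
    esac
    echo "$v" | awk -F. '{ printf "%d\n", $1 * 100000000 + $2 * 10000 + $3 }'
}

# in_range <release> <from, inclusive> <to, exclusive>
# returns 0 = inside, 1 = outside, 2 = a version string could not be parsed
in_range() {
    k=$(ver_key "$1") || return 2
    lo=$(ver_key "$2") && hi=$(ver_key "$3") || return 2
    [ "$k" -ge "$lo" ] && [ "$k" -lt "$hi" ]
}

# Ranges copied from the advisory table; the argument defaults to the running kernel.
cve_2026_45977_in_range() {
    rel=${1:-$(uname -r)}
    in_range "$rel" 6.17 6.18.14 || in_range "$rel" 6.19 6.19.4
}

if cve_2026_45977_in_range; then
    echo "$(uname -r): inside an affected range listed for CVE-2026-45977"
else
    echo "$(uname -r): outside the listed ranges (or release string not parsable)"
fi
```

Pass a release string as the first argument to check a host other than the local one, for example a value collected from an inventory.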