CVE-2026-45977
Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/05/2026
Última modificación:
16/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
fbnic: close fw_log race between users and teardown<br />
<br />
Fixes a theoretical race on fw_log between the teardown path and fw_log<br />
write functions.<br />
<br />
fw_log is written inside fbnic_fw_log_write() and can be reached from<br />
the mailbox handler fbnic_fw_msix_intr(), but fw_log is freed before<br />
IRQ/MBX teardown during cleanup, resulting in a potential data race of<br />
dereferencing a freed/null variable.<br />
<br />
Possible Interleaving Scenario:<br />
CPU0: fbnic_fw_msix_intr() // Entry<br />
fbnic_fw_log_write()<br />
if (fbnic_fw_log_ready()) // true<br />
... preempt ...<br />
CPU1: fbnic_remove() // Entry<br />
fbnic_fw_log_free()<br />
vfree(log->data_start);<br />
log->data_start = NULL;<br />
CPU0: continues, walks log->entries or writes to log->data_start<br />
<br />
The initialization also has an incorrect order problem, as the fw_log<br />
is currently allocated after MBX setup during initialization.<br />
Fix the problems by adjusting the synchronization order to put<br />
initialization in place before the mailbox is enabled, and not cleared<br />
until after the mailbox has been disabled.
Impacto
Puntuación base 3.x
5.50
Gravedad 3.x
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.17 (incluyendo) | 6.18.14 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (incluyendo) | 6.19.4 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página



