Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-23221

Опубликовано: 18 фев. 2026
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc: fix use-after-free in driver_override_show()

The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and frees the string while holding the device_lock.

This can result in a concurrent use-after-free if the string is freed by the store function while being read by the show function.

Fix this by holding the device_lock around the read operation.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.10 (включая) до 5.15.201 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.16 (включая) до 6.1.164 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.127 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.12.74 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.13 (включая) до 6.18.11 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.19 (включая) до 6.19.1 (исключая)

EPSS

Процентиль: 2%
0.00014
Низкий

7.8 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2026-23221

CVSS3: 7.8
ubuntu
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and frees the string while holding the device_lock. This can result in a concurrent use-after-free if the string is freed by the store function while being read by the show function. Fix this by holding the device_lock around the read operation.

redhat логотип

CVE-2026-23221

CVSS3: 5.5
redhat
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and frees the string while holding the device_lock. This can result in a concurrent use-after-free if the string is freed by the store function while being read by the show function. Fix this by holding the device_lock around the read operation.

msrc логотип

CVE-2026-23221

CVSS3: 7
msrc
около 1 месяца назад

bus: fsl-mc: fix use-after-free in driver_override_show()

debian логотип

CVE-2026-23221

CVSS3: 7.8
debian
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: b ...

github логотип

GHSA-jp99-8xc8-367m

CVSS3: 7.8
github
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and frees the string while holding the device_lock. This can result in a concurrent use-after-free if the string is freed by the store function while being read by the show function. Fix this by holding the device_lock around the read operation.

EPSS

Процентиль: 2%
0.00014
Низкий

7.8 High

CVSS3

Дефекты

CWE-416