HIGH · CVE-2026-43056 · CNA: Linux

CVE-2026-43056: net: mana: fix use-after-free in add_adev() error path

In the Linux kernel, the following vulnerability has been resolved:

net: mana: fix use-after-free in add_adev() error path

If auxiliary_device_add() fails, add_adev() jumps to add_fail and calls auxiliary_device_uninit(adev).

The auxiliary device has its release callback set to adev_release(), which frees the containing struct mana_adev. Since adev is embedded in struct mana_adev, the subsequent fall-through to init_fail and access to adev->id may result in a use-after-free.

Fix this by saving the allocated auxiliary device id in a local variable before calling auxiliary_device_add(), and use that saved id in the cleanup path after auxiliary_device_uninit().
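A userspace C model of the error path described above, added here as an illustration and not the kernel's mana driver code. The `_model` names, the small id allocator and the forced add failure are assumptions made for the example.

```c
#include <stdlib.h>

/* Userspace model of the pattern; not the kernel driver source. */
struct aux_dev_model {
    int id;
    void (*release)(struct aux_dev_model *);
};
struct mana_adev_model {
    struct aux_dev_model adev;          /* embedded, first member */
};

static int ids_in_use[8];               /* hypothetical id allocator */
static int containers_freed;

static int id_alloc_model(void) {
    for (int i = 0; i < 8; i++)
        if (!ids_in_use[i]) { ids_in_use[i] = 1; return i; }
    return -1;
}
static void id_free_model(int id) { ids_in_use[id] = 0; }

/* Release callback: frees the container that embeds adev. */
static void adev_release_model(struct aux_dev_model *adev) {
    free((struct mana_adev_model *)adev);   /* valid: adev is at offset 0 */
    containers_freed++;
}
/* Dropping the last reference runs the release callback. */
static void aux_uninit_model(struct aux_dev_model *adev) { adev->release(adev); }
/* Constructed failure so the error path always runs. */
static int aux_add_model(struct aux_dev_model *adev) { (void)adev; return -1; }

int add_adev_model(void) {
    struct mana_adev_model *m = calloc(1, sizeof(*m));
    if (!m) return -2;
    int id = id_alloc_model();          /* saved in a local: the fix */
    if (id < 0) { free(m); return -3; }
    m->adev.id = id;
    m->adev.release = adev_release_model;
    int ret = aux_add_model(&m->adev);
    if (ret) {
        aux_uninit_model(&m->adev);     /* m is freed here */
        /* Pre-fix ordering would read m->adev.id at this point: use-after-free. */
        id_free_model(id);              /* post-fix: use the saved local */
        return ret;
    }
    return 0;
}
```

Building the model with AddressSanitizer and swapping the saved local for `m->adev.id` in the cleanup call reproduces the class of report the fix removes.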

Metrics

  • CVSS v3.1: 7.8
  • Severity: HIGH
  • Fixed in: 0
  • Affected Products: 2

Fix available

Affected packages
  • Linux / Linux
    < d88541ffd56d62a61e77209080001eddd4d69815 (from a69839d4327d053b18d8e1b0e7ddeee78db78f4f) · < 43f5b19fd190fea20d052bc84741b28031d5baa9 (from a69839d4327d053b18d8e1b0e7ddeee78db78f4f) · < 5f4061f8225d18695e5afe9bbf1cb7bd673d7872 (from a69839d4327d053b18d8e1b0e7ddeee78db78f4f) · < e5a75bf026c686b91a7dc6f9c5caf5016745d1fe (from a69839d4327d053b18d8e1b0e7ddeee78db78f4f) · < c4ea7d8907cf72b259bf70bd8c2e791e1c4ff70f (from a69839d4327d053b18d8e1b0e7ddeee78db78f4f)
  • Linux / Linux
    6.2
    Fixed in 0, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H