CVE-2026-45981
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability in the Linux kernel related to device lifecycle handling in the `css_alloc_subchannel()` function has been fixed. The issue was that in case of a DMA mask setup failure, the subchannel structure was freed without proper reference management to the device model.
Risk Assessment
Improper device lifecycle management could lead to use-after-free or double-free issues, posing risks of system instability or potential security vulnerabilities.
Recommendation
It is recommended to update the Linux kernel to the latest version to benefit from the fixes related to device lifecycle handling. Testing should also be conducted to ensure all devices operate correctly after the update.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in css_alloc_subchannel() `css_alloc_subchannel()` calls `device_initialize()` before setting up the DMA masks. If `dma_set_coherent_mask()` or `dma_set_mask()` fails, the error path frees the subchannel structure directly, bypassing the device model reference counting. Once `device_initialize()` has been called, the embedded struct device must be released via `put_device()`, allowing the release callback to free the container structure. Fix the error path by dropping the initial device reference with `put_device()` instead of calling `kfree()` directly. This ensures correct device lifetime handling and avoids potential use-after-free or double-free issues.

