CVE Catalog

CVE-2026-45981

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

A vulnerability in the Linux kernel related to device lifecycle handling in the `css_alloc_subchannel()` function has been fixed. The issue was that in case of a DMA mask setup failure, the subchannel structure was freed without proper reference management to the device model.

Risk Assessment

Improper device lifecycle management could lead to use-after-free or double-free issues, posing risks of system instability or potential security vulnerabilities.

Recommendation

It is recommended to update the Linux kernel to the latest version to benefit from the fixes related to device lifecycle handling. Testing should also be conducted to ensure all devices operate correctly after the update.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in css_alloc_subchannel() `css_alloc_subchannel()` calls `device_initialize()` before setting up the DMA masks. If `dma_set_coherent_mask()` or `dma_set_mask()` fails, the error path frees the subchannel structure directly, bypassing the device model reference counting. Once `device_initialize()` has been called, the embedded struct device must be released via `put_device()`, allowing the release callback to free the container structure. Fix the error path by dropping the initial device reference with `put_device()` instead of calling `kfree()` directly. This ensures correct device lifetime handling and avoids potential use-after-free or double-free issues.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS