CVE-2026-46267
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to timer management and the llc_shdlc structure. Issues may arise when the structure is freed while its timers and state machine are still active, potentially leading to use-after-free (UAF) situations and shutdown races.
Risk Assessment
Organizations may face unpredictable system behavior, which could lead to crashes or unauthorized memory access. The potential risk includes system destabilization and the possibility of exploitation by malicious software.
Recommendation
It is recommended to update the Linux kernel to the latest version that includes fixes for this vulnerability. Additionally, monitoring system behavior for any anomalies related to timer management is advised.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule sm_work, and sm_work accesses SHDLC state and the skb queues. If teardown happens in parallel with a queued/running work item, it can lead to UAF and other shutdown races. Stop all SHDLC timers and cancel sm_work synchronously before purging the queues and freeing the context. Found by Linux Verification Center (linuxtesting.org) with SVACE.

