CVE Catalog

CVE-2026-46267

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to timer management and the llc_shdlc structure. Issues may arise when the structure is freed while its timers and state machine are still active, potentially leading to use-after-free (UAF) situations and shutdown races.

Risk Assessment

Organizations may face unpredictable system behavior, which could lead to crashes or unauthorized memory access. The potential risk includes system destabilization and the possibility of exploitation by malicious software.

Recommendation

It is recommended to update the Linux kernel to the latest version that includes fixes for this vulnerability. Additionally, monitoring system behavior for any anomalies related to timer management is advised.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule sm_work, and sm_work accesses SHDLC state and the skb queues. If teardown happens in parallel with a queued/running work item, it can lead to UAF and other shutdown races. Stop all SHDLC timers and cancel sm_work synchronously before purging the queues and freeing the context. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS