Use-after-free Vulnerability in Linux Kernel Affects Mana Auxiliary Device
CVE-2026-43056
What is CVE-2026-43056?
A use-after-free vulnerability has been identified in the Linux kernel that affects the Mana auxiliary device. It occurs in the error handling of the auxiliary device initialization process. If auxiliary_device_add() fails, control passes to an error-handling path. There the callback for the auxiliary device is invoked, which frees the corresponding mana_adev structure. When the code then accesses adev->id, it may read freed memory, which creates a potential exploitation risk. The fix saves the auxiliary device ID in a local variable before the add call, so the error path uses the saved, valid ID and no longer accesses released memory.
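The pattern described above, as an added userspace model in C (not the kernel's code and not part of the original advisory). The names model_*, add_adev_buggy and add_adev_fixed are hypothetical, the callback is called directly, and a static object filled with 0x6b stands in for freed heap memory so the stale read is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed userspace model, not kernel code. A static one-object pool
 * stands in for the heap so the "freed" object stays readable; it is filled
 * with 0x6b, the slab debug free-poison byte, to make a stale read visible. */
struct aux_dev { int id; void (*release)(struct aux_dev *); };
struct mana_adev_model { struct aux_dev adev; };  /* adev is embedded */
static struct mana_adev_model pool;

static void model_release(struct aux_dev *adev)
{
    memset((struct mana_adev_model *)adev, 0x6b, sizeof(struct mana_adev_model));
}

static int model_device_add(struct aux_dev *adev) { (void)adev; return -1; }  /* always fails */

static struct aux_dev *model_setup(int id)
{
    pool = (struct mana_adev_model){ .adev = { .id = id, .release = model_release } };
    return &pool.adev;
}

/* Before the fix: returns the id the error path hands to the index free. */
int add_adev_buggy(int id)
{
    struct aux_dev *adev = model_setup(id);
    if (!model_device_add(adev))
        return 0;
    adev->release(adev);   /* container is released here */
    return adev->id;       /* stale read of released memory */
}

/* After the fix: the id is saved in a local before the add is attempted. */
int add_adev_fixed(int id)
{
    struct aux_dev *adev = model_setup(id);
    int saved_id = adev->id;
    if (!model_device_add(adev))
        return 0;
    adev->release(adev);
    return saved_id;       /* never touches the released object */
}

int main(void)
{
    printf("buggy: 0x%x, fixed: %d\n", (unsigned)add_adev_buggy(7), add_adev_fixed(7));
    return 0;
}
```

In the model the buggy path returns the poison pattern instead of the allocated ID, while the fixed path returns the ID that was actually assigned.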
Affected Version(s)
Linux a69839d4327d053b18d8e1b0e7ddeee78db78f4f
Linux a69839d4327d053b18d8e1b0e7ddeee78db78f4f < 43f5b19fd190fea20d052bc84741b28031d5baa9
Linux a69839d4327d053b18d8e1b0e7ddeee78db78f4f < 5f4061f8225d18695e5afe9bbf1cb7bd673d7872