Use-After-Free Vulnerability in Linux Kernel Driver for Mana Network Interface
CVE-2026-43276
What is CVE-2026-43276?
A use-after-free vulnerability in the Linux kernel's mana network driver can lead to crashes in the service rescan PCI path. When 'mana_serv_reset()' interacts with 'mana_gd_suspend()', it attempts to destroy a workqueue that has already been freed. This occurs if 'mana_gd_resume()' fails due to a timeout or protocol issue, triggering a cascading call that attempts to clean up the already-released resource. The fix adds a NULL check before the workqueue is destroyed, which prevents the access to freed memory.
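The double-cleanup sequence described above, modeled in userspace C as an added example (it is not the mana driver's code or the upstream patch). All identifiers are hypothetical, and clearing the pointer after the first destroy is an assumption that the NULL check depends on.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model; every name here is hypothetical, not the mana driver's. */
struct model_wq { bool live; };
struct model_ctx {
    struct model_wq *wq;  /* stands in for the driver's workqueue pointer */
    int stale_destroys;   /* destroy calls made on an already-released queue */
};
static struct model_wq pool;  /* static storage: a stale pointer stays safe to inspect */

/* Stand-in for destroy_workqueue(): counts a repeat destroy instead of crashing. */
static void model_wq_destroy(struct model_ctx *c, struct model_wq *wq)
{
    if (!wq->live)
        c->stale_destroys++;
    wq->live = false;
}

/* Before: no guard, and the pointer is left dangling after the destroy. */
static void cleanup_unguarded(struct model_ctx *c)
{
    model_wq_destroy(c, c->wq);
}

/* After: NULL check before destruction; clearing the pointer is an assumption. */
static void cleanup_guarded(struct model_ctx *c)
{
    if (c->wq) {
        model_wq_destroy(c, c->wq);
        c->wq = NULL;
    }
}

/* Failed resume runs cleanup once, then the suspend path runs it again. */
static int run_reset_sequence(void (*cleanup)(struct model_ctx *))
{
    struct model_ctx c = { .wq = &pool };
    pool.live = true;
    cleanup(&c);  /* cleanup after the failed resume */
    cleanup(&c);  /* cleanup reached again via the suspend path */
    return c.stale_destroys;
}

int main(void)
{
    printf("unguarded: %d stale destroy(s)\n", run_reset_sequence(cleanup_unguarded));
    printf("guarded:   %d stale destroy(s)\n", run_reset_sequence(cleanup_guarded));
    return 0;
}
```

In the kernel the second destroy would touch freed memory; the model only counts it so the two variants can be compared safely.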
Affected Version(s)
Linux 505cc26bcae00699bacaee66cd50ede7a9cc89cb