๐Ÿ” CVE Alert

CVE-2026-46267

UNKNOWN 0.0

nfc: hci: shdlc: Stop timers and work before freeing context

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule sm_work, and sm_work accesses SHDLC state and the skb queues. If teardown happens in parallel with a queued/running work item, it can lead to UAF and other shutdown races. Stop all SHDLC timers and cancel sm_work synchronously before purging the queues and freeing the context. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jun 3, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
4a61cd6687fc6348d08724676d34e38160d6cf9b < c60f41022eaad2a1dafecd3ae6f249a3bd6d4b6e 4a61cd6687fc6348d08724676d34e38160d6cf9b < a24a676329d40481b2331bfa1418a679577dfd3a 4a61cd6687fc6348d08724676d34e38160d6cf9b < 77eef9f2eef045c3c37a3df82d3e661afb866b98 4a61cd6687fc6348d08724676d34e38160d6cf9b < cf70cedce327833296ebe6043364d1e44b76a2ab 4a61cd6687fc6348d08724676d34e38160d6cf9b < 276820278e9717cc7d4bb32381892dd3ddf418d4 4a61cd6687fc6348d08724676d34e38160d6cf9b < 1cb97b1225450af3f7b728777929ba50c6a58ced 4a61cd6687fc6348d08724676d34e38160d6cf9b < c9efde1e537baed7648a94022b43836a348a074f
Linux / Linux
3.7

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/c60f41022eaad2a1dafecd3ae6f249a3bd6d4b6e git.kernel.org: https://git.kernel.org/stable/c/a24a676329d40481b2331bfa1418a679577dfd3a git.kernel.org: https://git.kernel.org/stable/c/77eef9f2eef045c3c37a3df82d3e661afb866b98 git.kernel.org: https://git.kernel.org/stable/c/cf70cedce327833296ebe6043364d1e44b76a2ab git.kernel.org: https://git.kernel.org/stable/c/276820278e9717cc7d4bb32381892dd3ddf418d4 git.kernel.org: https://git.kernel.org/stable/c/1cb97b1225450af3f7b728777929ba50c6a58ced git.kernel.org: https://git.kernel.org/stable/c/c9efde1e537baed7648a94022b43836a348a074f