CVE-2026-52971

UNKNOWN 0.0

net: ena: PHC: Fix potential use-after-free in get_timestamp

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: net: ena: PHC: Fix potential use-after-free in get_timestamp Move the phc->active check and resp pointer assignment to after acquiring the spinlock. Previously, phc->active was checked without holding the lock, and resp was cached from ena_dev->phc.virt_addr before the lock was acquired. If ena_com_phc_destroy() runs between the lockless active check and the lock acquisition, it sets active=false, releases the lock, frees the DMA memory, and sets virt_addr=NULL. The get_timestamp path would then read a NULL virt_addr and dereference it. With both the active check and the pointer read under the lock, destroy cannot free the memory while get_timestamp is using it.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

e0ea34158ee8c4f7536cd781010339ff28c0d24c < 95e8ae9af2a61b4e72f5c585bf4c7d8aaf2a2c98 e0ea34158ee8c4f7536cd781010339ff28c0d24c < ca9ed40f28949353911dcb524ff8fff2f3409c97 e0ea34158ee8c4f7536cd781010339ff28c0d24c < e42c755582f0960e684298762f0ab927b3778376

Linux / Linux

6.17

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/95e8ae9af2a61b4e72f5c585bf4c7d8aaf2a2c98 git.kernel.org: https://git.kernel.org/stable/c/ca9ed40f28949353911dcb524ff8fff2f3409c97 git.kernel.org: https://git.kernel.org/stable/c/e42c755582f0960e684298762f0ab927b3778376