CVE-2026-53042

UNKNOWN 0.0

fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use `module_init, so `cxl_pci_driver_init()` runs first. When `cxl_pci_probe()` calls `fwctl_register()` and then `device_add()`, fwctl_class is not yet registered because fwctl_init() hasn't run, causing `class_to_subsys()` to return NULL and skip knode_class initialization. On device removal, `class_to_subsys()` returns non-NULL, and `device_del()` calls `klist_del()` on the uninitialized knode, triggering a NULL pointer dereference.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

858ce2f56b5253063f61f6b1c58a6dbf5d71da0b < a28f56988c8e5bb9375806a5cfb0bf54d662ae3f 858ce2f56b5253063f61f6b1c58a6dbf5d71da0b < 1075f2f590fdac147f8b8010c35b606564b5c7d7 858ce2f56b5253063f61f6b1c58a6dbf5d71da0b < a55f80233f384dc89ef3425b2e1dd0e6d44bcf29

Linux / Linux

6.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/a28f56988c8e5bb9375806a5cfb0bf54d662ae3f git.kernel.org: https://git.kernel.org/stable/c/1075f2f590fdac147f8b8010c35b606564b5c7d7 git.kernel.org: https://git.kernel.org/stable/c/a55f80233f384dc89ef3425b2e1dd0e6d44bcf29