| ID |
CVE-2026-46267
|
| Sažetak |
In the Linux kernel, the following vulnerability has been resolved:
nfc: hci: shdlc: Stop timers and work before freeing context
llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc
structure while its timers and state machine work may still be active.
Timer callbacks can schedule sm_work, and sm_work accesses SHDLC state
and the skb queues. If teardown happens in parallel with a queued/running
work item, it can lead to UAF and other shutdown races.
Stop all SHDLC timers and cancel sm_work synchronously before purging the
queues and freeing the context.
Found by Linux Verification Center (linuxtesting.org) with SVACE. |
| Reference |
|
| CVSS |
| Base: | 7.8 |
| Impact: | 5.9 |
| Exploitability: | 1.8 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| LOCAL |
LOW |
LOW |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
HIGH |
HIGH |
|
| CVSS vektor |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Zadnje važnije ažuriranje |
09-06-2026 - 19:48 |
| Objavljeno |
03-06-2026 - 18:16 |
