Vulnerability Details CVE-2026-43440
In the Linux kernel, the following vulnerability has been resolved:
net/mana: Null service_wq on setup error to prevent double destroy
In mana_gd_setup() error path, set gc->service_wq to NULL after
destroy_workqueue() to match the cleanup in mana_gd_cleanup().
This prevents a use-after-free if the workqueue pointer is checked
after a failed setup.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.2%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2026-43440
-
cpe:2.3:o:linux:linux_kernel:6.18.16
-
cpe:2.3:o:linux:linux_kernel:6.18.17
-
cpe:2.3:o:linux:linux_kernel:6.18.18
-
cpe:2.3:o:linux:linux_kernel:6.19.6
-
cpe:2.3:o:linux:linux_kernel:6.19.7
-
cpe:2.3:o:linux:linux_kernel:6.19.8
-
cpe:2.3:o:linux:linux_kernel:7.0