Vulnerability Details CVE-2026-52971
In the Linux kernel, the following vulnerability has been resolved:
net: ena: PHC: Fix potential use-after-free in get_timestamp
Move the phc->active check and resp pointer assignment to after
acquiring the spinlock. Previously, phc->active was checked without
holding the lock, and resp was cached from ena_dev->phc.virt_addr
before the lock was acquired.
If ena_com_phc_destroy() runs between the lockless active check and
the lock acquisition, it sets active=false, releases the lock, frees
the DMA memory, and sets virt_addr=NULL. The get_timestamp path would
then read a NULL virt_addr and dereference it.
With both the active check and the pointer read under the lock,
destroy cannot free the memory while get_timestamp is using it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 3.2%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2026-52971
-
cpe:2.3:o:linux:linux_kernel:6.17
-
cpe:2.3:o:linux:linux_kernel:6.17.1
-
cpe:2.3:o:linux:linux_kernel:6.17.10
-
cpe:2.3:o:linux:linux_kernel:6.17.11
-
cpe:2.3:o:linux:linux_kernel:6.17.12
-
cpe:2.3:o:linux:linux_kernel:6.17.13
-
cpe:2.3:o:linux:linux_kernel:6.17.2
-
cpe:2.3:o:linux:linux_kernel:6.17.3
-
cpe:2.3:o:linux:linux_kernel:6.17.4
-
cpe:2.3:o:linux:linux_kernel:6.17.5
-
cpe:2.3:o:linux:linux_kernel:6.17.6
-
cpe:2.3:o:linux:linux_kernel:6.17.7
-
cpe:2.3:o:linux:linux_kernel:6.17.8
-
cpe:2.3:o:linux:linux_kernel:6.17.9
-
cpe:2.3:o:linux:linux_kernel:6.18
-
cpe:2.3:o:linux:linux_kernel:6.18.1
-
cpe:2.3:o:linux:linux_kernel:6.18.10
-
cpe:2.3:o:linux:linux_kernel:6.18.11
-
cpe:2.3:o:linux:linux_kernel:6.18.13
-
cpe:2.3:o:linux:linux_kernel:6.18.14
-
cpe:2.3:o:linux:linux_kernel:6.18.16
-
cpe:2.3:o:linux:linux_kernel:6.18.17
-
cpe:2.3:o:linux:linux_kernel:6.18.18
-
cpe:2.3:o:linux:linux_kernel:6.18.19
-
cpe:2.3:o:linux:linux_kernel:6.18.2
-
cpe:2.3:o:linux:linux_kernel:6.18.20
-
cpe:2.3:o:linux:linux_kernel:6.18.21
-
cpe:2.3:o:linux:linux_kernel:6.18.22
-
cpe:2.3:o:linux:linux_kernel:6.18.23
-
cpe:2.3:o:linux:linux_kernel:6.18.24
-
cpe:2.3:o:linux:linux_kernel:6.18.25
-
cpe:2.3:o:linux:linux_kernel:6.18.26
-
cpe:2.3:o:linux:linux_kernel:6.18.27
-
cpe:2.3:o:linux:linux_kernel:6.18.28
-
cpe:2.3:o:linux:linux_kernel:6.18.29
-
cpe:2.3:o:linux:linux_kernel:6.18.3
-
cpe:2.3:o:linux:linux_kernel:6.18.30
-
cpe:2.3:o:linux:linux_kernel:6.18.31
-
cpe:2.3:o:linux:linux_kernel:6.18.32
-
cpe:2.3:o:linux:linux_kernel:6.18.4
-
cpe:2.3:o:linux:linux_kernel:6.18.5
-
cpe:2.3:o:linux:linux_kernel:6.18.6
-
cpe:2.3:o:linux:linux_kernel:6.18.7
-
cpe:2.3:o:linux:linux_kernel:6.18.8
-
cpe:2.3:o:linux:linux_kernel:6.18.9
-
cpe:2.3:o:linux:linux_kernel:6.19
-
cpe:2.3:o:linux:linux_kernel:6.19.1
-
cpe:2.3:o:linux:linux_kernel:6.19.10
-
cpe:2.3:o:linux:linux_kernel:6.19.11
-
cpe:2.3:o:linux:linux_kernel:6.19.12
-
cpe:2.3:o:linux:linux_kernel:6.19.13
-
cpe:2.3:o:linux:linux_kernel:6.19.14
-
cpe:2.3:o:linux:linux_kernel:6.19.3
-
cpe:2.3:o:linux:linux_kernel:6.19.4
-
cpe:2.3:o:linux:linux_kernel:6.19.6
-
cpe:2.3:o:linux:linux_kernel:6.19.7
-
cpe:2.3:o:linux:linux_kernel:6.19.8
-
cpe:2.3:o:linux:linux_kernel:6.19.9
-
cpe:2.3:o:linux:linux_kernel:7.0
-
cpe:2.3:o:linux:linux_kernel:7.0.1
-
cpe:2.3:o:linux:linux_kernel:7.0.2
-
cpe:2.3:o:linux:linux_kernel:7.0.3
-
cpe:2.3:o:linux:linux_kernel:7.0.4
-
cpe:2.3:o:linux:linux_kernel:7.0.5
-
cpe:2.3:o:linux:linux_kernel:7.0.6
-
cpe:2.3:o:linux:linux_kernel:7.0.7
-
cpe:2.3:o:linux:linux_kernel:7.0.8
-
cpe:2.3:o:linux:linux_kernel:7.0.9
-
cpe:2.3:o:linux:linux_kernel:7.1