In the Linux kernel, the following vulnerability has been resolved:
net: mana: fix use-after-free in add_adev() error path
If auxiliarydeviceadd() fails, addadev() jumps to addfail and calls auxiliarydeviceuninit(adev).
The auxiliary device has its release callback set to adevrelease(), which frees the containing struct manaadev. Since adev is embedded in struct manaadev, the subsequent fall-through to initfail and access to adev->id may result in a use-after-free.
Fix this by saving the allocated auxiliary device id in a local variable before calling auxiliarydeviceadd(), and use that saved id in the cleanup path after auxiliarydeviceuninit().
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43056.json",
"cna_assigner": "Linux"
}