CVE-2026-43440

Source
https://cve.org/CVERecord?id=CVE-2026-43440
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43440.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43440
Downstream
Published
2026-05-08T14:22:09.334Z
Modified
2026-07-08T08:13:29.859323192Z
Summary
net/mana: Null service_wq on setup error to prevent double destroy
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mana: Null service_wq on setup error to prevent double destroy

In managdsetup() error path, set gc->servicewq to NULL after destroyworkqueue() to match the cleanup in managdcleanup(). This prevents a use-after-free if the workqueue pointer is checked after a failed setup.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43440.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fa3c2f8d9152344a478abb847081c1b5f84a94f5
Fixed
59489ce60d7412ed82fb1d8002faa3102dcd4916
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a9a7c3203fdc4d4a8d8a7a3b1ed05d2bb4c6e77e
Fixed
6c92392602b451e3869f15ab685f8f650e942b13
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f975a0955276579e2176a134366ed586071c7c6a
Fixed
87c2302813abc55c46485711a678e3c312b00666

Affected versions

v6.*
v6.18.16
v6.18.17
v6.18.18
v6.19.6
v6.19.7
v6.19.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43440.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.16
Fixed
6.18.19
Type
ECOSYSTEM
Events
Introduced
6.19.6
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43440.json"