CVE-2026-45977

Source
https://cve.org/CVERecord?id=CVE-2026-45977
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45977.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45977
Downstream
Published
2026-05-27T12:18:35.858Z
Modified
2026-07-08T08:13:35.642000350Z
Summary
fbnic: close fw_log race between users and teardown
Details

In the Linux kernel, the following vulnerability has been resolved:

fbnic: close fw_log race between users and teardown

Fixes a theoretical race on fwlog between the teardown path and fwlog write functions.

fwlog is written inside fbnicfwlogwrite() and can be reached from the mailbox handler fbnicfwmsixintr(), but fwlog is freed before IRQ/MBX teardown during cleanup, resulting in a potential data race of dereferencing a freed/null variable.

Possible Interleaving Scenario: CPU0: fbnicfwmsixintr() // Entry fbnicfwlogwrite() if (fbnicfwlogready()) // true ... preempt ... CPU1: fbnicremove() // Entry fbnicfwlogfree() vfree(log->datastart); log->datastart = NULL; CPU0: continues, walks log->entries or writes to log->datastart

The initialization also has an incorrect order problem, as the fw_log is currently allocated after MBX setup during initialization. Fix the problems by adjusting the synchronization order to put initialization in place before the mailbox is enabled, and not cleared until after the mailbox has been disabled.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45977.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ecc53b1b46c892d2e3cf3cf4393b6d219dc4ae3f
Fixed
223cfef4812bdfa5ac5c1aa761cdba03cfe2c9cd
Fixed
5f10ab3643c58a22fbaee92c4701b00fcb4a465d
Fixed
ee5492fd88cfc079c19fbeac78e9e53b7f6c04f3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45977.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.17.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45977.json"