In the Linux kernel, the following vulnerability has been resolved:
net: psp: check for device unregister when creating assoc
pspassocdevicegetlocked() obtains a pspdev reference via pspdevgetforsock() (which uses pspdevtryget() under RCU); it then acquires psd->lock and drops the reference. Before the lock is taken, pspdev_unregister() can run to completion: take psd->lock, clear out state, unlock, drop the registration reference.
The expectation is that the lock prevents device unregistration, but much like with netdevs special care has to be taken when "upgrading" a reference to a locked device. Add the missing check if device is still alive. pspdevis_registered() exists already but had no callers, which makes me wonder if I either forgot to add this or lost the check during refactoring...
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52979.json",
"cna_assigner": "Linux"
}