In the Linux kernel, the following vulnerability has been resolved:
net: ibm: emac: Fix use-after-free during device removal
The driver was using devmregisternetdev() which causes unregisternetdev() to be deferred until the devres cleanup phase, which runs after emacremove() returns. This creates a use-after-free window where:
During step 3, the network stack might still process packets, triggering emacirq(), emacpoll(), or other handlers that access now-freed hardware resources (dev->emacp, dev->mal, etc.).
Fix this by replacing devmregisternetdev() with manual registernetdev() and calling unregisternetdev() at the beginning of emac_remove(), before any hardware teardown. This ensures the network device is fully stopped and unregistered before hardware resources are released.
The change is safe because: - dev->ndev is assigned very early in probe (before any error paths that could bypass emacremove) - platformsetdrvdata() is only called after successful registration, so emacremove() only runs for fully registered devices - unregister_netdev() is idempotent and safe to call on any registered device
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53234.json",
"cna_assigner": "Linux"
}