CVE-2026-43440

HIGH

net/mana: Null service_wq on setup error to prevent double destroy

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on setup error to prevent double destroy In mana_gd_setup() error path, set gc->service_wq to NULL after destroy_workqueue() to match the cleanup in mana_gd_cleanup(). This prevents a use-after-free if the workqueue pointer is checked after a failed setup.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/59489ce60d7412ed82fb1d8002faa3102dcd4916

https://git.kernel.org/stable/c/6c92392602b451e3869f15ab685f8f650e942b13

https://git.kernel.org/stable/c/87c2302813abc55c46485711a678e3c312b00666

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (7)

Linux/Linux 6.18.16 - 6.18.19

Linux/Linux 6.19.6 - 6.19.9

Linux/Linux a9a7c3203fdc4d4a8d8a7a3b1ed05d2bb4c6e77e - 6c92392602b451e3869f15ab685f8f650e942b13

Linux/Linux f975a0955276579e2176a134366ed586071c7c6a - 87c2302813abc55c46485711a678e3c312b00666

Linux/Linux fa3c2f8d9152344a478abb847081c1b5f84a94f5 - 59489ce60d7412ed82fb1d8002faa3102dcd4916

linux/linux_kernel 7.0 rc2 (2 CPE variants)

linux/linux_kernel 6.18.16 - 6.18.19

Published May 08, 2026

Tracked Since May 08, 2026