Home

Description

In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully released beforehand. So adding a `stop_queue` operation for the UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to the final resource release ensures safety. Queue states are defined as follows: - UACCE_Q_ZOMBIE: Initial state - UACCE_Q_INIT: After opening `uacce` - UACCE_Q_STARTED: After `start` is issued via `ioctl` When executing `poweroff -f` in virt while accelerator are still working, `uacce_fops_release` and `uacce_remove` may execute concurrently. This can cause `uacce_put_queue` within `uacce_fops_release` to access a NULL `ops` pointer. Therefore, add state checks to prevent accessing freed pointers.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-04 | Updated 2026-02-09 | Assigner Linux

Product status

Default status
unaffected

015d239ac0142ad0e26567fd890ef8d171f13709 (git) before b457abeb5d962db88aaf60e249402fd3073dbfab
affected

015d239ac0142ad0e26567fd890ef8d171f13709 (git) before 8b57bf1d3b1db692f34bce694a03e41be79f6016
affected

015d239ac0142ad0e26567fd890ef8d171f13709 (git) before 336fb41a186e7c0415ae94fec9e23d1f04b87483
affected

015d239ac0142ad0e26567fd890ef8d171f13709 (git) before 43f233eb6e7b9d88536881a9bc43726d0e34800d
affected

015d239ac0142ad0e26567fd890ef8d171f13709 (git) before 47634d70073890c9c37e39ab4ff93d4b585b028a
affected

015d239ac0142ad0e26567fd890ef8d171f13709 (git) before 92e4f11e29b98ef424ff72d6371acac03e5d973c
affected

015d239ac0142ad0e26567fd890ef8d171f13709 (git) before 26c08dabe5475d99a13f353d8dd70e518de45663
affected

Default status
affected

5.7
affected

Any version before 5.7
unaffected

5.10.249 (semver)
unaffected

5.15.199 (semver)
unaffected

6.1.162 (semver)
unaffected

6.6.122 (semver)
unaffected

6.12.68 (semver)
unaffected

6.18.8 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/b457abeb5d962db88aaf60e249402fd3073dbfab

git.kernel.org/...c/8b57bf1d3b1db692f34bce694a03e41be79f6016

git.kernel.org/...c/336fb41a186e7c0415ae94fec9e23d1f04b87483

git.kernel.org/...c/43f233eb6e7b9d88536881a9bc43726d0e34800d

git.kernel.org/...c/47634d70073890c9c37e39ab4ff93d4b585b028a

git.kernel.org/...c/92e4f11e29b98ef424ff72d6371acac03e5d973c

git.kernel.org/...c/26c08dabe5475d99a13f353d8dd70e518de45663

cve.org (CVE-2026-23063)

nvd.nist.gov (CVE-2026-23063)

Download JSON