Home

Description

In the Linux kernel, the following vulnerability has been resolved: fwctl: Fix class init ordering to avoid NULL pointer dereference on device removal CXL is linked before fwctl in drivers/Makefile. Both use `module_init, so `cxl_pci_driver_init()` runs first. When `cxl_pci_probe()` calls `fwctl_register()` and then `device_add()`, fwctl_class is not yet registered because fwctl_init() hasn't run, causing `class_to_subsys()` to return NULL and skip knode_class initialization. On device removal, `class_to_subsys()` returns non-NULL, and `device_del()` calls `klist_del()` on the uninitialized knode, triggering a NULL pointer dereference.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-24 | Updated 2026-06-24 | Assigner Linux

Product status

Default status
unaffected

858ce2f56b5253063f61f6b1c58a6dbf5d71da0b (git) before a28f56988c8e5bb9375806a5cfb0bf54d662ae3f
affected

858ce2f56b5253063f61f6b1c58a6dbf5d71da0b (git) before 1075f2f590fdac147f8b8010c35b606564b5c7d7
affected

858ce2f56b5253063f61f6b1c58a6dbf5d71da0b (git) before a55f80233f384dc89ef3425b2e1dd0e6d44bcf29
affected

Default status
affected

6.15
affected

Any version before 6.15
unaffected

6.18.33 (semver)
unaffected

7.0.10 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/a28f56988c8e5bb9375806a5cfb0bf54d662ae3f

git.kernel.org/...c/1075f2f590fdac147f8b8010c35b606564b5c7d7

git.kernel.org/...c/a55f80233f384dc89ef3425b2e1dd0e6d44bcf29

cve.org (CVE-2026-53042)

nvd.nist.gov (CVE-2026-53042)

Download JSON