Description
In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc: fix use-after-free in driver_override_show()

The driver_override_show() function reads the driver_override string
without holding the device_lock. However, driver_override_store() uses
driver_set_override(), which modifies and frees the string while holding
the device_lock.

This can result in a concurrent use-after-free if the string is freed
by the store function while being read by the show function.

Fix this by holding the device_lock around the read operation.
Published: 2026-02-18
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption leading to loss of integrity and possible denial of service
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is a use‑after‑free in the fsl‑mc driver’s driver_override_show() function. The show routine reads the driver_override string without holding the device_lock, while the store routine may free the string under the lock. A concurrent request can therefore trigger a use‑after‑free, corrupting kernel memory, crashing the system, or, in the worst case, enabling arbitrary code execution.

Affected Systems

All Linux kernel installations that include the fsl‑mc driver are potentially affected. No specific kernel version range is listed, so any build containing the vulnerable code path should apply the patch when available.

Risk and Exploitability

The CVSS score of 7.8 reflects a high‑moderate severity with a low exploit probability (EPSS < 1%). The vulnerability is not listed in CISA’s KEV catalog. The attack vector is likely local privileged access to the fsl‑mc driver interface, where an attacker can trigger the store and show operations concurrently to exploit the use‑after‑free.

Generated by OpenCVE AI on April 15, 2026 at 16:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that holds the device_lock around driver_override_show, as outlined in the available commit history.
  • If the fsl‑mc driver is not required, unload the driver or disable its driver_override interface to remove the attack surface.
  • Restrict write access to the driver_override sysfs entry to privileged users only to prevent accidental or malicious unlocking.

Generated by OpenCVE AI on April 15, 2026 at 16:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4499-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6163-1 linux security update
Debian DSA Debian DSA DSA-6162-1 linux security update
History

Wed, 18 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 23 Feb 2026 03:30:00 +0000

Type Values Removed Values Added
References

Thu, 19 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
References

Thu, 19 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 18 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and frees the string while holding the device_lock. This can result in a concurrent use-after-free if the string is freed by the store function while being read by the show function. Fix this by holding the device_lock around the read operation.
Title bus: fsl-mc: fix use-after-free in driver_override_show()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:02:36.273Z

Reserved: 2026-01-13T15:37:45.987Z

Link: CVE-2026-23221

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-18T16:22:31.820

Modified: 2026-03-18T14:50:04.377

Link: CVE-2026-23221

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-18T00:00:00Z

Links: CVE-2026-23221 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T17:30:10Z

Weaknesses