Description
In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: Fix PF driver crash with kexec kernel booting

During a kexec reboot the hardware is not power-cycled, so AF state from
the old kernel can persist into the new kernel. When AF and PF drivers
are built as modules, the PF driver may probe before AF reinitializes
the hardware.

The PF driver treats the RVUM block revision as an indication that AF
initialization is complete. If this value is left uncleared at shutdown,
PF may incorrectly assume AF is ready and access stale hardware state,
leading to a crash.

Clear the RVUM block revision during AF shutdown to avoid PF
mis-detecting AF readiness after kexec.
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the octeontx2-af accelerator firmware driver was found to leave a hardware block revision register (RVUM) uncleared during shutdown. When a system performs a kexec reboot without a full power cycle, the peripheral function driver, loaded as a module, can probe before the AF driver reinitializes the hardware. The PF driver mistakenly interprets the stale RVUM value as indicating that AF has finished initializing and proceeds to access device state that is no longer valid, leading to a kernel crash. This misuse of hardware state information is a classic example of CWE‑909 – Race Condition Between User and Kernel Code. The resulting crash denies service to all users and processes relying on the kernel.

Affected Systems

All Linux kernels that include the octeontx2-af accelerator firmware driver and a PF driver compiled as separate modules are potentially affected. The crash occurs only when a kexec reboot is performed without a full power cycle, so any system using these drivers and enabling kexec without full hardware reset is at risk. No specific kernel release identified, therefore all comparable builds that load these modules should treat themselves as impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score of 0.00032 (expressed as < 1%) indicates a very low but nonzero probability that the vulnerability will be actively exploited, and the vulnerability is not listed in the CISA KEV catalog, suggesting that exploitation is not yet widespread. The likely attack vector requires privileged access to invoke kexec, which is typically restricted to root or non‑privileged kernel executables. Therefore, while exploitation could be achieved by a local attacker with sufficient privileges, the overall risk to the general population remains moderate. Nonetheless, the potential for a denial of service event warrants prompt remediation.

Generated by OpenCVE AI on June 9, 2026 at 23:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated kernel that clears the RVUM block revision during AF shutdown; this is the official fix.
  • If a kernel update cannot be applied immediately, disable kexec on Octeontx2 hardware or ensure a full power‑cycle between reboots so that the appliance’s hardware state is fully reinitialized.
  • Rebuild the kernel with the AF and PF drivers statically linked rather than as modules so that they initialize and shut down together, eliminating the window where the PF driver can misread stale state.

Generated by OpenCVE AI on June 9, 2026 at 23:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 04 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-909
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 03 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state from the old kernel can persist into the new kernel. When AF and PF drivers are built as modules, the PF driver may probe before AF reinitializes the hardware. The PF driver treats the RVUM block revision as an indication that AF initialization is complete. If this value is left uncleared at shutdown, PF may incorrectly assume AF is ready and access stale hardware state, leading to a crash. Clear the RVUM block revision during AF shutdown to avoid PF mis-detecting AF readiness after kexec.
Title octeontx2-af: Fix PF driver crash with kexec kernel booting
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:49:45.252Z

Reserved: 2026-05-13T15:03:33.107Z

Link: CVE-2026-46249

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-06-03T18:16:25.237

Modified: 2026-06-09T20:37:05.973

Link: CVE-2026-46249

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46249 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:15:16Z

Weaknesses