Description
In the Linux kernel, the following vulnerability has been resolved:

net: psp: check for device unregister when creating assoc

psp_assoc_device_get_locked() obtains a psp_dev reference via
psp_dev_get_for_sock() (which uses psp_dev_tryget() under RCU);
it then acquires psd->lock and drops the reference. Before
the lock is taken, psp_dev_unregister() can run to completion:
take psd->lock, clear out state, unlock, drop the registration
reference.

The expectation is that the lock prevents device unregistration,
but much like with netdevs special care has to be taken when
"upgrading" a reference to a locked device. Add the missing
check if device is still alive. psp_dev_is_registered() exists
already but had no callers, which makes me wonder if I either
forgot to add this or lost the check during refactoring...
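The reference-to-lock "upgrade" described above, as an added example: a simplified, single-threaded user-space model, not the kernel patch or any kernel code. The struct, the function names and the `race_window` hook that stands in for a concurrent unregister are all hypothetical, and a `freed` flag replaces the real free so the outcome can be inspected safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified user-space model; struct and function names are hypothetical. */
struct dev {
    int  refcnt;      /* starts at 1: the registration reference */
    bool locked;      /* stands in for psd->lock */
    bool registered;  /* cleared by unregister while the lock is held */
    bool freed;       /* set instead of calling free(), so the model is safe to inspect */
};

static bool dev_tryget(struct dev *d) {
    if (d->refcnt == 0) return false;
    d->refcnt++;
    return true;
}

static void dev_put(struct dev *d) { if (--d->refcnt == 0) d->freed = true; }

/* Unregister: take lock, clear state, unlock, drop the registration reference. */
static void dev_unregister(struct dev *d) {
    d->locked = true;
    d->registered = false;
    d->locked = false;
    dev_put(d);
}

/* Upgrade a reference to a held lock. race_window, if non-NULL, runs between
 * tryget and lock, modelling an unregister that completes in that window. */
static struct dev *dev_get_locked(struct dev *d, bool check_alive,
                                  void (*race_window)(struct dev *)) {
    if (!dev_tryget(d)) return NULL;
    if (race_window) race_window(d);
    d->locked = true;
    if (check_alive && !d->registered) {  /* the "still alive" check */
        d->locked = false;
        dev_put(d);
        return NULL;
    }
    dev_put(d);  /* without the check, this can drop the last reference */
    return d;
}

/* Returns 1 if the caller ends up holding the lock of a freed device. */
int locked_freed_device(bool check_alive, bool race) {
    struct dev d = { .refcnt = 1, .registered = true };
    struct dev *got = dev_get_locked(&d, check_alive, race ? dev_unregister : NULL);
    return got != NULL && got->freed;
}

int main(void) { return locked_freed_device(true, true); }
```

With the check disabled and the unregister placed in the window, the caller is handed a locked device whose last reference is already gone; with the check enabled the same interleaving returns NULL.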
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s PSP network driver contains a race condition: a device can be unregistered while an association is being created, even though a lock is expected to prevent this. Without the missing check, the result can be a use-after-free that leads to memory corruption, kernel panic, or privilege escalation. The weakness is classified as a race condition that triggers a use-after-free.

Affected Systems

Linux kernel versions that include the PSP network driver before the commit that added the proper device‑registration check. Specific release numbers are not listed in the advisory.

Risk and Exploitability

No CVSS or EPSS score is provided, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in CISA’s KEV catalog. An attacker would have to win the race by triggering a device unregistration during a call to psp_assoc_device_get_locked(), likely requiring local or privileged access to send crafted network traffic. No public exploit is known, so the risk remains uncertain, but the potential impact warrants prompt remediation.

Generated by OpenCVE AI on June 24, 2026 at 19:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel release that includes the commit adding the proper device‑registration check.
  • If an update is not immediately possible, block or remove the PSP network driver from use by blacklisting the module or disabling its configuration until a patch is available.
  • Monitor vendor security advisories for updates and schedule a kernel upgrade at the earliest opportunity.



Advisories

No advisories yet.

History

Wed, 24 Jun 2026 20:00:00 +0000

Values added:
  • Weaknesses: CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Values added:
  • Description: the text shown under Description above
  • Title: net: psp: check for device unregister when creating assoc
  • First Time appeared: Linux; Linux linux Kernel
  • CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: Linux; Linux linux Kernel
  • References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:55.696Z

Reserved: 2026-06-09T07:44:35.376Z

Link: CVE-2026-52979

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T21:45:15Z

Weaknesses