Description
In the Linux kernel, the following vulnerability has been resolved:

net: psp: check for device unregister when creating assoc

psp_assoc_device_get_locked() obtains a psp_dev reference via
psp_dev_get_for_sock() (which uses psp_dev_tryget() under RCU);
it then acquires psd->lock and drops the reference. Before
the lock is taken, psp_dev_unregister() can run to completion:
take psd->lock, clear out state, unlock, drop the registration
reference.

The expectation is that the lock prevents device unregistration,
but much like with netdevs special care has to be taken when
"upgrading" a reference to a locked device. Add the missing
check if device is still alive. psp_dev_is_registered() exists
already but had no callers, which makes me wonder if I either
forgot to add this or lost the check during refactoring...
Published: 2026-06-24
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s PSP network driver contains a race condition that allows a device to be unregistered while an association is being created. The code obtains a reference to a device, releases the reference, and then takes a lock that should prevent the device from being removed. If the device is unregistered between the reference release and lock acquisition, the driver may later operate on a freed object, resulting in memory corruption or a kernel panic. This scenario maps to CWE-367 (Race Condition).

Affected Systems

All Linux kernel releases that include the PSP network driver and lack the defensive check added in the recent commit. Explicit version numbers are not listed in the advisory; any kernel code path that runs the buggy psp_assoc_device_get_locked routine is potentially vulnerable until the patch is applied.

Risk and Exploitability

The EPSS score is reported as < 1%, indicating a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. No public exploits are documented in the advisory, and exploitation would likely require a crafted packet sequence or local privileged access to trigger the race condition. While the potential impact is severe, the overall risk remains uncertain due to the low likelihood of successful exploitation.

Generated by OpenCVE AI on June 27, 2026 at 04:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that adds the missing device‑registration check (the fix is present in the commit identified by c89769f936a8fa9e66de72ddc1b71a9745a488e6).
  • If a kernel update is not immediately possible, disable or blacklist the PSP network driver to prevent its use until a newer kernel version is deployed.
  • Continuously monitor vendor advisories and install any subsequent kernel releases that include the fix as soon as they become available.

Generated by OpenCVE AI on June 27, 2026 at 04:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Sat, 27 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: psp: check for device unregister when creating assoc psp_assoc_device_get_locked() obtains a psp_dev reference via psp_dev_get_for_sock() (which uses psp_dev_tryget() under RCU); it then acquires psd->lock and drops the reference. Before the lock is taken, psp_dev_unregister() can run to completion: take psd->lock, clear out state, unlock, drop the registration reference. The expectation is that the lock prevents device unregistration, but much like with netdevs special care has to be taken when "upgrading" a reference to a locked device. Add the missing check if device is still alive. psp_dev_is_registered() exists already but had no callers, which makes me wonder if I either forgot to add this or lost the check during refactoring...
Title net: psp: check for device unregister when creating assoc
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:55.696Z

Reserved: 2026-06-09T07:44:35.376Z

Link: CVE-2026-52979

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52979 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T04:30:11Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition