Description
In the Linux kernel, the following vulnerability has been resolved:

net: mana: Guard mana_remove against double invocation

If PM resume fails (e.g., mana_attach() returns an error), mana_probe()
calls mana_remove(), which tears down the device and sets
gd->gdma_context = NULL and gd->driver_data = NULL.

However, a failed resume callback does not automatically unbind the
driver. When the device is eventually unbound, mana_remove() is invoked
a second time. Without a NULL check, it dereferences gc->dev with
gc == NULL, causing a kernel panic.

Add an early return if gdma_context or driver_data is NULL so the second
invocation is harmless. Move the dev = gc->dev assignment after the
guard so it cannot dereference NULL.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the mana driver can be removed twice when a failed power‑management resume does not automatically unbind the driver. The second invocation of the removal routine dereferences a NULL pointer because the device reference is not checked, which causes a kernel panic. The flaw does not grant the attacker additional privileges and it only affects the system while it is running.

Affected Systems

All Linux kernel builds that include the mana driver before the patch are affected. The vulnerability remains present across distributions until the kernel tree incorporates the guarded removal logic demonstrated in the cited commit references. Distribution packs that have not yet applied the patch should assume the flaw is present and verify against the commit identifiers listed.

Risk and Exploitability

The CVSS score is 5.5, indicating medium severity, and the EPSS score is <1%, meaning the likelihood of exploitation is very low. The vulnerability is not listed in CISA KEV. The attack path requires an action that causes the mana driver removal routine to be invoked twice when a power‑management resume fails. Based on the description, it is inferred that the attacker would need local or elevated privileges to force a resume failure or manipulate the device state. The resulting kernel panic causes a denial of service that requires a reboot and the crash is observable only while the system is running.

Generated by OpenCVE AI on June 29, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that incorporates the commits identified in the advisory.
  • If immediate kernel upgrade is not possible, disable or unload the mana driver so it cannot be removed during power‑resume failures.
  • Reboot the system after performing the upgrade or driver disablement to ensure the change takes effect and no pending state remains.

Generated by OpenCVE AI on June 29, 2026 at 15:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 26 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL and gd->driver_data = NULL. However, a failed resume callback does not automatically unbind the driver. When the device is eventually unbound, mana_remove() is invoked a second time. Without a NULL check, it dereferences gc->dev with gc == NULL, causing a kernel panic. Add an early return if gdma_context or driver_data is NULL so the second invocation is harmless. Move the dev = gc->dev assignment after the guard so it cannot dereference NULL.
Title net: mana: Guard mana_remove against double invocation
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:55.155Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53297

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53297 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T15:30:05Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition