Description
In the Linux kernel, the following vulnerability has been resolved:

net: mana: Use pci_name() for debugfs directory naming

Use pci_name(pdev) for the per-device debugfs directory instead of
hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The
previous approach had two issues:

1. pci_slot_name() dereferences pdev->slot, which can be NULL for VFs
in environments like generic VFIO passthrough or nested KVM,
causing a NULL pointer dereference.

2. Multiple PFs would all use "0", and VFs across different PCI
domains or buses could share the same slot name, leading to
-EEXIST errors from debugfs_create_dir().

pci_name(pdev) returns the unique BDF address, is always valid, and is
unique across the system.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The net/mana driver in the Linux kernel constructs per‑device debugfs directories using a hard‑coded "0" for physical functions and the result of pci_slot_name(pdev->slot) for virtual functions. In environments where pdev->slot is NULL, such as some VFIO passthrough or nested KVM scenarios, pci_slot_name() dereferences a NULL pointer, causing a kernel Oops. Multiple physical functions using the same name \"0\" and virtual functions across domains or buses can also collide, leading to debugfs_create_dir() returning –EEXIST. Both scenarios trigger denial of service by crashing the kernel or preventing debugfs entry creation.

Affected Systems

Linux kernel versions that include the net/mana driver before the commit changing the debugfs directory naming are affected. No specific version range is listed, so any kernel with this driver in its default configuration prior to the patch is at risk. The vendor is Linux and the product is the Linux kernel.

Risk and Exploitability

The flaw remains local only; an attacker must be able to trigger driver initialization or reload while the kernel is active. A local user who can reload the module or provoke driver re‑initialization, for example by rebooting, disabling and re‑loading the driver, or manipulating device hotplug events, could force a kernel crash or prevent debugfs entry creation. The CVSS score is 5.5, the EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating moderate severity but a relatively low likelihood of exploitation in typical environments.

Generated by OpenCVE AI on June 30, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel version that includes the commit changing debugfs directory naming to use pci_name(), for example any release after commit 34d7b819544c99c9d96b400fe4db613f40ac4b.
  • If an immediate kernel upgrade is not feasible, disable the creation of debugfs entries for this driver by booting with the `debugfs=0` kernel parameter or disabling CONFIG_DEBUG_FS, which prevents the NULL dereference and directory name collision.
  • Ensure the net/mana module is not automatically reloaded by blacklisting it (e.g., add a blacklist entry in /etc/modprobe.d or prevent module init during the upgrade window).

Generated by OpenCVE AI on June 30, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Tue, 30 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 26 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issues: 1. pci_slot_name() dereferences pdev->slot, which can be NULL for VFs in environments like generic VFIO passthrough or nested KVM, causing a NULL pointer dereference. 2. Multiple PFs would all use "0", and VFs across different PCI domains or buses could share the same slot name, leading to -EEXIST errors from debugfs_create_dir(). pci_name(pdev) returns the unique BDF address, is always valid, and is unique across the system.
Title net: mana: Use pci_name() for debugfs directory naming
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:14.708Z

Reserved: 2026-06-09T07:44:35.398Z

Link: CVE-2026-53324

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53324 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T03:30:05Z

Weaknesses

No weakness.