CVE-2026-23475

The controller per-cpu statistics is not allocated until after the controller has been registered with driver core, which leaves a window where accessing the sysfs attributes can trigger a NULL-pointer dereference.

Fix this by moving the statistics allocation to controller allocation while tying its lifetime to that of the controller (rather than using implicit devres).

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23475.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6598b91b5ac32bc756d7c3000a31f775d4ead1c4

Fixed

80c5bd0dca1cc5526ae0f4b273ccd163ed4caa4e

Fixed

f13100b1f5f111989f0750540a795fdef47492af

Fixed

df30056c78e8bead02d4be020199cabdbec0fef1

Fixed

378b295f67102eef78cf2c28105f60ae1dab5cc1

Fixed

118ce777d39f03cac99231196f820e4f998613a8

Fixed

dee0774bbb2abb172e9069ce5ffef579b12b3ae9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23475.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.1.167

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.130

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.78

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.20

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23475.json"