CVE-2026-23452

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pm_runtime_work() may dereference the dev->parent pointer after the parent device has been freed: /* Maybe the parent is now able to suspend. */ if (parent && !parent->power.ignore_children) { spin_unlock(&dev->power.lock); spin_lock(&parent->power.lock); rpm_idle(parent, RPM_ASYNC); spin_unlock(&parent->power.lock); spin_lock(&dev->power.lock); } Fix this by inserting a flush_work() call in pm_runtime_remove(). Without this patch blktest block/001 triggers the following complaint sporadically: BUG: KASAN: slab-use-after-free in lock_acquire+0x70/0x160 Read of size 1 at addr ffff88812bef7198 by task kworker/u553:1/3081 Workqueue: pm pm_runtime_work Call Trace: <TASK> dump_stack_lvl+0x61/0x80 print_address_description.constprop.0+0x8b/0x310 print_report+0xfd/0x1d7 kasan_report+0xd8/0x1d0 __kasan_check_byte+0x42/0x60 lock_acquire.part.0+0x38/0x230 lock_acquire+0x70/0x160 _raw_spin_lock+0x36/0x50 rpm_suspend+0xc6a/0xfe0 rpm_idle+0x578/0x770 pm_runtime_work+0xee/0x120 process_one_work+0xde3/0x1410 worker_thread+0x5eb/0xfe0 kthread+0x37b/0x480 ret_from_fork+0x6cb/0x920 ret_from_fork_asm+0x11/0x20 </TASK> Allocated by task 4314: kasan_save_stack+0x2a/0x50 kasan_save_track+0x18/0x40 kasan_save_alloc_info+0x3d/0x50 __kasan_kmalloc+0xa0/0xb0 __kmalloc_noprof+0x311/0x990 scsi_alloc_target+0x122/0xb60 [scsi_mod] __scsi_scan_target+0x101/0x460 [scsi_mod] scsi_scan_channel+0x179/0x1c0 [scsi_mod] scsi_scan_host_selected+0x259/0x2d0 [scsi_mod] store_scan+0x2d2/0x390 [scsi_mod] dev_attr_store+0x43/0x80 sysfs_kf_write+0xde/0x140 kernfs_fop_write_iter+0x3ef/0x670 vfs_write+0x506/0x1470 ksys_write+0xfd/0x230 __x64_sys_write+0x76/0xc0 x64_sys_call+0x213/0x1810 do_syscall_64+0xee/0xfc0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Freed by task 4314: kasan_save_stack+0x2a/0x50 kasan_save_track+0x18/0x40 kasan_save_free_info+0x3f/0x50 __kasan_slab_free+0x67/0x80 kfree+0x225/0x6c0 scsi_target_dev_release+0x3d/0x60 [scsi_mod] device_release+0xa3/0x220 kobject_cleanup+0x105/0x3a0 kobject_put+0x72/0xd0 put_device+0x17/0x20 scsi_device_dev_release+0xacf/0x12c0 [scsi_mod] device_release+0xa3/0x220 kobject_cleanup+0x105/0x3a0 kobject_put+0x72/0xd0 put_device+0x17/0x20 scsi_device_put+0x7f/0xc0 [scsi_mod] sdev_store_delete+0xa5/0x120 [scsi_mod] dev_attr_store+0x43/0x80 sysfs_kf_write+0xde/0x140 kernfs_fop_write_iter+0x3ef/0x670 vfs_write+0x506/0x1470 ksys_write+0xfd/0x230 __x64_sys_write+0x76/0xc0 x64_sys_call+0x213/0x1810

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/20f6e2e22a9c6234113812d5f300d3e952a82721	Patch
https://git.kernel.org/stable/c/29ab768277617452d88c0607c9299cdc63b6e9ff	Patch
https://git.kernel.org/stable/c/39f2d86f2ddde8d1beda05732f30c7cd945e0b5a	Patch
https://git.kernel.org/stable/c/5649b46af8b167259e8a8e4e7eb3667ce74554b5	Patch
https://git.kernel.org/stable/c/b6dd1a562ca8ba96c8ecb247c62b73f9fa02d47e	Patch
https://git.kernel.org/stable/c/bb081fd37f8312651140d7429557258afe51693d	Patch
https://git.kernel.org/stable/c/c6febaacfb8a0aec7d771a0e6c21cd68102d5679	Patch
https://git.kernel.org/stable/c/cf65a77c0f9531eb6cfb97cc040974d2d8fff043	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::

History

26 May 2026, 14:52

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7
CPE		cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
First Time		Linux Linux linux Kernel
CWE		CWE-362
References	~~() https://git.kernel.org/stable/c/20f6e2e22a9c6234113812d5f300d3e952a82721 -~~	() https://git.kernel.org/stable/c/20f6e2e22a9c6234113812d5f300d3e952a82721 - Patch
References	~~() https://git.kernel.org/stable/c/29ab768277617452d88c0607c9299cdc63b6e9ff -~~	() https://git.kernel.org/stable/c/29ab768277617452d88c0607c9299cdc63b6e9ff - Patch
References	~~() https://git.kernel.org/stable/c/39f2d86f2ddde8d1beda05732f30c7cd945e0b5a -~~	() https://git.kernel.org/stable/c/39f2d86f2ddde8d1beda05732f30c7cd945e0b5a - Patch
References	~~() https://git.kernel.org/stable/c/5649b46af8b167259e8a8e4e7eb3667ce74554b5 -~~	() https://git.kernel.org/stable/c/5649b46af8b167259e8a8e4e7eb3667ce74554b5 - Patch
References	~~() https://git.kernel.org/stable/c/b6dd1a562ca8ba96c8ecb247c62b73f9fa02d47e -~~	() https://git.kernel.org/stable/c/b6dd1a562ca8ba96c8ecb247c62b73f9fa02d47e - Patch
References	~~() https://git.kernel.org/stable/c/bb081fd37f8312651140d7429557258afe51693d -~~	() https://git.kernel.org/stable/c/bb081fd37f8312651140d7429557258afe51693d - Patch
References	~~() https://git.kernel.org/stable/c/c6febaacfb8a0aec7d771a0e6c21cd68102d5679 -~~	() https://git.kernel.org/stable/c/c6febaacfb8a0aec7d771a0e6c21cd68102d5679 - Patch
References	~~() https://git.kernel.org/stable/c/cf65a77c0f9531eb6cfb97cc040974d2d8fff043 -~~	() https://git.kernel.org/stable/c/cf65a77c0f9531eb6cfb97cc040974d2d8fff043 - Patch

18 Apr 2026, 09:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/20f6e2e22a9c6234113812d5f300d3e952a82721 - () https://git.kernel.org/stable/c/b6dd1a562ca8ba96c8ecb247c62b73f9fa02d47e -

03 Apr 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-03 16:16

Updated : 2026-05-26 14:52

NVD link : CVE-2026-23452

Mitre link : CVE-2026-23452

CVE.ORG link : CVE-2026-23452

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

4.7 /10