{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23221","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.987Z","datePublished":"2026-02-18T14:53:24.391Z","dateUpdated":"2026-05-11T22:02:39.852Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:02:39.852Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix use-after-free in driver_override_show()\n\nThe driver_override_show() function reads the driver_override string\nwithout holding the device_lock. However, driver_override_store() uses\ndriver_set_override(), which modifies and frees the string while holding\nthe device_lock.\n\nThis can result in a concurrent use-after-free if the string is freed\nby the store function while being read by the show function.\n\nFix this by holding the device_lock around the read operation."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/bus/fsl-mc/fsl-mc-bus.c"],"versions":[{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"c71dfb7833db7af652ee8f65011f14c97c47405d","status":"affected","versionType":"git"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"c424e72cfa67e7e1477035058a8a659f2c0ea637","status":"affected","versionType":"git"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"b1983840287303e0dfb401b1b6cecc5ea7471e90","status":"affected","versionType":"git"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"dd8ba8c0c3f3916d4ee1e3a09da9cd5caff5d227","status":"affected","versionType":"git"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"1d6bd6183e723a7b256ff34bbb5b498b5f4f2ec0","status":"affected","versionType":"git"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"a2ae33e1c6361e960a4d00f7cf75d880b54f9528","status":"affected","versionType":"git"},{"version":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d","lessThan":"148891e95014b5dc5878acefa57f1940c281c431","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/bus/fsl-mc/fsl-mc-bus.c"],"versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","status":"unaffected","versionType":"semver"},{"version":"5.15.201","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.164","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.127","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.74","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.11","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.1","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.15.201"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.1.164"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.6.127"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.12.74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.18.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.19.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c71dfb7833db7af652ee8f65011f14c97c47405d"},{"url":"https://git.kernel.org/stable/c/c424e72cfa67e7e1477035058a8a659f2c0ea637"},{"url":"https://git.kernel.org/stable/c/b1983840287303e0dfb401b1b6cecc5ea7471e90"},{"url":"https://git.kernel.org/stable/c/dd8ba8c0c3f3916d4ee1e3a09da9cd5caff5d227"},{"url":"https://git.kernel.org/stable/c/1d6bd6183e723a7b256ff34bbb5b498b5f4f2ec0"},{"url":"https://git.kernel.org/stable/c/a2ae33e1c6361e960a4d00f7cf75d880b54f9528"},{"url":"https://git.kernel.org/stable/c/148891e95014b5dc5878acefa57f1940c281c431"}],"title":"bus: fsl-mc: fix use-after-free in driver_override_show()","x_generator":{"engine":"bippy-1.2.0"}}}}