Linux Kernel: Potential Data Corruption on Certain Devices

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Linux Kernel: Potential Data Corruption on Certain Devices

CVE-2026-23221

Summary

A bug in the Linux kernel's handling of device drivers could cause data corruption on certain devices. This has been fixed, so you don't need to take any action unless you're using an older version of the kernel. If you are, it's recommended to update to the latest version to ensure you have the fix.

Original title

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string ...

Original description

In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc: fix use-after-free in driver_override_show()

The driver_override_show() function reads the driver_override string
without holding the device_lock. However, driver_override_store() uses
driver_set_override(), which modifies and frees the string while holding
the device_lock.

This can result in a concurrent use-after-free if the string is freed
by the store function while being read by the show function.

Fix this by holding the device_lock around the read operation.

Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026