PatchSiren cyber security CVE debrief

CVE-2026-43447 Linux CVE debrief

CVE-2026-43447 is a Linux kernel use-after-free in the iavf driver’s PTP handling. A delayed worker, added to periodically cache the PHC time, was not stopped during reset or VF disable, creating a teardown race. If the worker runs while adapter resources are being freed, it dereferences freed adapter memory and can crash the kernel. The published fix moves PTP cleanup ahead of adapter teardown so the worker is synchronously canceled before the memory it uses is released.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-21
Advisory published
2026-05-08
Advisory updated
2026-05-21

Who should care

Linux kernel maintainers, distro security teams, and operators running affected kernels with the iavf driver (Intel’s Adaptive Virtual Function driver, used for SR-IOV virtual functions of Intel Ethernet adapters handed to VMs or bare-metal hosts), especially where PTP/PHC features are in use. Because the CVSS vector is local with low privileges, environments that allow local users or untrusted workloads on hosts running iavf should pay particular attention.

Technical summary

NVD classifies the issue as CWE-416 (use-after-free) with CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerable path is in iavf’s PTP time-caching worker introduced by commit 7c01dbfc8a1c5f. During iavf_reset_task() or iavf_disable_vf(), adapter resources can be torn down before the worker is stopped. The fix calls iavf_ptp_release() before adapter teardown so ptp_clock_unregister() can synchronously cancel the worker and remove the chardev before backing resources are destroyed.

Defensive priority

High. This is a kernel memory-safety issue with crash potential and high CVSS impact, and it affects multiple released kernel branches and release candidates listed by NVD.

Recommended defensive actions

  • Apply the upstream/stable kernel fix commits referenced by NVD: 1b034f2429ce6b45ce74dc266175d277acafc5c4, 90cc8b2add29b57288025b51c70bc647e7cccb12, and efc54fb13d79117a825fef17364315a58682c7ec, or update to a kernel that
  • Verify whether your systems use the iavf driver and whether PTP/PHC functionality is enabled or exposed in production.
  • Prioritize patching affected kernel lines noted by NVD: 6.15 through 6.18.19, 6.19 through 6.19.9, and the affected 7.0 release candidates listed in the record.
  • Watch for kernel warnings, crashes, or instability during VF reset and disable operations on affected hosts.
  • Use your normal kernel update and backport process to confirm the fix is present in vendor kernels, especially where stable backports are common.
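A host triage script for the checks above, added here as an example and not part of the PatchSiren record, the NVD entry, or the kernel tree. It assumes the version ranges are to be read as NVD’s usual "from X up to (excluding) Y" form, with 6.18.19 and 6.19.9 being the first fixed releases; confirm that reading against the NVD record before acting on its output. The sysfs paths it reads (/sys/class/net/*/device/driver, /sys/class/ptp/*) are standard kernel interfaces; the function names are the example’s own.

```shell
#!/bin/sh
# Added example (not from the CVE record or kernel tree): triage one host for
# CVE-2026-43447 exposure. Checks the running kernel against the version
# ranges the debrief lists, then reports iavf-bound interfaces and PTP clocks.
#
# Assumption: "6.15 through 6.18.19" and "6.19 through 6.19.9" are read as
# >= 6.15 and < 6.18.19, and >= 6.19 and < 6.19.9 (upper bound = first fixed
# release). Verify this against the NVD record.

# Strip distro suffixes ("6.18.3-arch1-1" -> "6.18.3") and pad to x.y.z.
norm_ver() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    case "$v" in
        *.*.*) ;;
        *.*)   v="$v.0" ;;
        *)     v="$v.0.0" ;;
    esac
    printf '%s' "$v"
}

# vercmp A B: prints -1, 0 or 1 as A is less than, equal to, or greater than B.
vercmp() {
    a=$(norm_ver "$1"); b=$(norm_ver "$2")
    for f in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$f")
        y=$(printf '%s' "$b" | cut -d. -f"$f")
        if [ "$x" -lt "$y" ]; then printf '%s' '-1'; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s' '1'; return; fi
    done
    printf '%s' '0'
}

# in_range V LOW HIGH: true when LOW <= V < HIGH.
in_range() {
    [ "$(vercmp "$1" "$2")" -ge 0 ] && [ "$(vercmp "$1" "$3")" -lt 0 ]
}

# kernel_status V: prints "affected", "unaffected" or "check-rc".
# NVD lists 7.0 release candidates, but "-rcN" does not sort as a dotted
# triple, so those are flagged for a manual check against the record.
kernel_status() {
    case "$1" in
        7.0*rc*) printf 'check-rc'; return ;;
    esac
    if in_range "$1" 6.15 6.18.19 || in_range "$1" 6.19 6.19.9; then
        printf 'affected'
    else
        printf 'unaffected'
    fi
}

# iavf_ifaces: network interfaces whose bound driver is iavf (via sysfs).
iavf_ifaces() {
    for d in /sys/class/net/*/device/driver; do
        [ -L "$d" ] || continue
        [ "$(basename "$(readlink "$d")")" = iavf ] || continue
        basename "$(dirname "$(dirname "$d")")"
    done
}

# ptp_clocks: each PTP clock device and the clock_name its driver registered.
ptp_clocks() {
    for p in /sys/class/ptp/ptp*; do
        [ -e "$p" ] || continue
        printf '%s %s\n' "$(basename "$p")" "$(cat "$p/clock_name" 2>/dev/null)"
    done
}

main() {
    k=$(uname -r)
    printf 'kernel %s: %s\n' "$k" "$(kernel_status "$k")"
    printf 'iavf interfaces: %s\n' "$(iavf_ifaces | tr '\n' ' ')"
    printf 'ptp clocks: %s\n' "$(ptp_clocks | tr '\n' ' ')"
    if lsmod 2>/dev/null | grep -q '^iavf '; then
        echo 'iavf module loaded'
    fi
}

main "$@"
```

A host reported as "affected" with iavf interfaces and a PTP clock present is the one to patch first; a host with no iavf binding has no exposure to this bug regardless of kernel version. Vendor kernels that backport the fix without bumping the upstream version string will still show "affected" here, so confirm those through the distro advisory or by checking the patched kernel’s changelog for the fix commits.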

Evidence notes

The debrief is based on the CVE description and NVD metadata supplied in the source corpus. NVD states the issue is a CWE-416 use-after-free in the Linux kernel iavf driver, with the vulnerable ranges and three patch references listed in the record. The timeline uses the CVE publishedAt and modifiedAt values provided. No exploit details or unsupported impact claims are included.

Official resources

CVE published 2026-05-08 and last modified 2026-05-21, per the supplied timeline. This debrief reflects the record as of those dates and the official references provided.