PatchSiren cyber security CVE debrief
CVE-2026-45981 Linux CVE debrief
A vulnerability in the Linux kernel's s390 Channel I/O (CIO) subsystem has been resolved. The issue was in `css_alloc_subchannel()`, where improper device lifecycle handling in an error path could lead to use-after-free or double-free conditions. Specifically, after `device_initialize()` was called, subsequent DMA mask setup failures triggered a direct `kfree()` of the subchannel structure instead of using `put_device()`, bypassing the device model's reference counting. The fix ensures proper cleanup by using `put_device()` to release the initial device reference, allowing the release callback to handle memory deallocation correctly.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
System administrators and security teams managing IBM Z (s390/s390x) mainframe systems running Linux, particularly those utilizing Channel I/O devices. Organizations with high-availability requirements on zSystems infrastructure should prioritize this fix due to the potential for memory corruption in device initialization paths.
Technical summary
The vulnerability exists in `css_alloc_subchannel()` in the Linux kernel's s390 Channel I/O (CIO) code. The function calls `device_initialize()` before setting up DMA masks. If `dma_set_coherent_mask()` or `dma_set_mask()` fails, the original error path incorrectly called `kfree()` directly on the subchannel structure. Since `device_initialize()` had already been invoked, the embedded `struct device` had an active reference count, and the direct `kfree()` bypassed proper device model cleanup. This could result in use-after-free or double-free memory corruption. The fix replaces the direct `kfree()` with `put_device()`, which properly decrements the reference count and allows the device's release callback to free the container structure when appropriate.
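The ownership rule behind the fix can be seen in a small userspace model. This is an added example, not the kernel source or the actual patch: `device_initialize()` and `put_device()` here are simplified stand-ins, and `struct subchannel`, `priv`, `set_dma_masks()` and `alloc_subchannel()` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
/* Userspace stand-ins for the kernel device model (illustrative only). */
struct device {
    int refcount;                          /* models the kobject reference count */
    void (*release)(struct device *dev);
};
struct subchannel {
    void *priv;                            /* hypothetical resource owned by the container */
    struct device dev;                     /* embedded device, as described above */
};
#define to_subchannel(d) \
    ((struct subchannel *)((char *)(d) - offsetof(struct subchannel, dev)))
static int release_calls;                  /* instrumentation for the model */

static void device_initialize(struct device *dev) { dev->refcount = 1; }
static void put_device(struct device *dev)
{
    if (--dev->refcount == 0 && dev->release)
        dev->release(dev);                 /* last reference dropped */
}

/* Release callback: the single place where the container is freed. */
static void subchannel_release(struct device *dev)
{
    struct subchannel *sch = to_subchannel(dev);
    release_calls++;
    free(sch->priv);
    free(sch);
}
/* Constructed stand-in for dma_set_coherent_mask()/dma_set_mask(). */
static int set_dma_masks(int fail) { return fail ? -1 : 0; }

/* Allocation with the corrected error path. */
static struct subchannel *alloc_subchannel(int dma_fails)
{
    struct subchannel *sch = calloc(1, sizeof(*sch));
    if (!sch)
        return NULL;                       /* nothing initialized yet: plain return */
    sch->priv = malloc(16);
    sch->dev.release = subchannel_release;
    device_initialize(&sch->dev);          /* from here on the refcount owns sch */
    if (set_dma_masks(dma_fails)) {
        put_device(&sch->dev);             /* not free(sch): let release() clean up */
        return NULL;
    }
    return sch;
}
```

In the model, the release callback runs exactly once on the failure path, so everything the container owns is freed in one place and no second free can follow.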
Defensive priority
medium
Recommended defensive actions
- Apply kernel updates from your Linux distribution that include the referenced commits
- For s390/zSystems environments, prioritize kernel patching to prevent potential memory corruption in Channel I/O device initialization
- Verify kernel version includes fixes from the referenced stable branch commits
- Monitor vendor security advisories for specific patch availability
Evidence notes
The CVE description and source references confirm this is a resolved Linux kernel vulnerability affecting the s390 architecture's Channel I/O subsystem. Multiple stable kernel branch commits are referenced, indicating backports to various supported kernel versions. The vulnerability status in NVD is 'Awaiting Analysis' as of the source publication date.
Official resources
- CVE-2026-45981 CVE record (CVE.org)
- CVE-2026-45981 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
2026-05-27