← back
CVE-2026-52979

net: psp: check for device unregister when creating assoc

3Vexday Risk Score

No sign of exploitation. No public exploitation artifact known so far.

ssvc Trackepss 0.1%
exploitation probability
0.1%top 99% of all CVEs
observed exploitation
nono source reports it
In the Linux kernel, the following vulnerability has been resolved: net: psp: check for device unregister when creating assoc psp_assoc_device_get_locked() obtains a psp_dev reference via psp_dev_get_for_sock() (which uses psp_dev_tryget() under RCU); it then acquires psd->lock and drops the reference. Before the lock is taken, psp_dev_unregister() can run to completion: take psd->lock, clear out state, unlock, drop the registration reference. The expectation is that the lock prevents device unregistration, but much like with netdevs special care has to be taken when "upgrading" a reference to a locked device. Add the missing check if device is still alive. psp_dev_is_registered() exists already but had no callers, which makes me wonder if I either forgot to add this or lost the check during refactoring...
Affected products
Linux · Linux