{"id":"CVE-2026-23221","summary":"bus: fsl-mc: fix use-after-free in driver_override_show()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix use-after-free in driver_override_show()\n\nThe driver_override_show() function reads the driver_override string\nwithout holding the device_lock. However, driver_override_store() uses\ndriver_set_override(), which modifies and frees the string while holding\nthe device_lock.\n\nThis can result in a concurrent use-after-free if the string is freed\nby the store function while being read by the show function.\n\nFix this by holding the device_lock around the read operation.","modified":"2026-04-14T03:48:45.432662Z","published":"2026-02-18T14:53:24.391Z","related":["SUSE-SU-2026:0962-1","SUSE-SU-2026:1081-1","SUSE-SU-2026:20667-1","SUSE-SU-2026:20720-1","SUSE-SU-2026:20838-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","SUSE-SU-2026:20931-1","openSUSE-SU-2026:10387-1","openSUSE-SU-2026:20416-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23221.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/148891e95014b5dc5878acefa57f1940c281c431"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1d6bd6183e723a7b256ff34bbb5b498b5f4f2ec0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2ae33e1c6361e960a4d00f7cf75d880b54f9528"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b1983840287303e0dfb401b1b6cecc5ea7471e90"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c424e72cfa67e7e1477035058a8a659f2c0ea637"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c71dfb7833db7af652ee8f65011f14c97c47405d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dd8ba8c0c3f3916d4ee1e3a09da9cd5caff5d227"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23221.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23221"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d"},{"fixed":"c71dfb7833db7af652ee8f65011f14c97c47405d"},{"fixed":"c424e72cfa67e7e1477035058a8a659f2c0ea637"},{"fixed":"b1983840287303e0dfb401b1b6cecc5ea7471e90"},{"fixed":"dd8ba8c0c3f3916d4ee1e3a09da9cd5caff5d227"},{"fixed":"1d6bd6183e723a7b256ff34bbb5b498b5f4f2ec0"},{"fixed":"a2ae33e1c6361e960a4d00f7cf75d880b54f9528"},{"fixed":"148891e95014b5dc5878acefa57f1940c281c431"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23221.json"}}],"schema_version":"1.7.5"}