Wind River Support Network

HomeDefectsLIN1023-24621
Fixed

LIN1023-24621 : Security Advisory - linux - CVE-2026-46267

Created: Jun 4, 2026    Updated: Jun 9, 2026
Resolved Date: Jun 4, 2026
Found In Version: 10.23.30.2
Fix Version: 10.23.30.21
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:  nfc: hci: shdlc: Stop timers and work before freeing context  llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while its timers and state machine work may still be active.  Timer callbacks can schedule sm_work, and sm_work accesses SHDLC state and the skb queues. If teardown happens in parallel with a queued/running work item, it can lead to UAF and other shutdown races.  Stop all SHDLC timers and cancel sm_work synchronously before purging the queues and freeing the context.  Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVEs

  • Linkedin
  • Facebook
  • Twitter
  • Youtube