HOMEVULNERABILITIESCVE-2026-23452
NONE

CVE-2026-23452

Published: April 3, 2026· Updated: Apr 7, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:6.6th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

PM: runtime: Fix a race condition related to device removal

The following code in pm_runtime_work() may dereference the dev->parent

pointer after the parent device has been freed:

/* Maybe the parent is now able to suspend. */

if (parent && !parent->power.ignore_children) {

spin_unlock(&dev->power.lock);

spin_lock(&parent->power.lock);

rpm_idle(parent, RPM_ASYNC);

spin_unlock(&parent->power.lock);

spin_lock(&dev->power.lock);

}

Fix this by inserting a flush_work() call in pm_runtime_remove().

Without this patch blktest block/001 triggers the following complaint

sporadically:

BUG: KASAN: slab-use-after-free in lock_acquire+0x70/0x160

Read of size 1 at addr ffff88812bef7198 by task kworker/u553:1/3081

Workqueue: pm pm_runtime_work

Call Trace:

<TASK>

dump_stack_lvl+0x61/0x80

print_address_description.constprop.0+0x8b/0x310

print_report+0xfd/0x1d7

kasan_report+0xd8/0x1d0

__kasan_check_byte+0x42/0x60

lock_acquire.part.0+0x38/0x230

lock_acquire+0x70/0x160

_raw_spin_lock+0x36/0x50

rpm_suspend+0xc6a/0xfe0

rpm_idle+0x578/0x770

pm_runtime_work+0xee/0x120

process_one_work+0xde3/0x1410

worker_thread+0x5eb/0xfe0

kthread+0x37b/0x480

ret_from_fork+0x6cb/0x920

ret_from_fork_asm+0x11/0x20

</TASK>

Allocated by task 4314:

kasan_save_stack+0x2a/0x50

kasan_save_track+0x18/0x40

kasan_save_alloc_info+0x3d/0x50

__kasan_kmalloc+0xa0/0xb0

__kmalloc_noprof+0x311/0x990

scsi_alloc_target+0x122/0xb60 [scsi_mod]

__scsi_scan_target+0x101/0x460 [scsi_mod]

scsi_scan_channel+0x179/0x1c0 [scsi_mod]

scsi_scan_host_selected+0x259/0x2d0 [scsi_mod]

store_scan+0x2d2/0x390 [scsi_mod]

dev_attr_store+0x43/0x80

sysfs_kf_write+0xde/0x140

kernfs_fop_write_iter+0x3ef/0x670

vfs_write+0x506/0x1470

ksys_write+0xfd/0x230

__x64_sys_write+0x76/0xc0

x64_sys_call+0x213/0x1810

do_syscall_64+0xee/0xfc0

entry_SYSCALL_64_after_hwframe+0x4b/0x53

Freed by task 4314:

kasan_save_stack+0x2a/0x50

kasan_save_track+0x18/0x40

kasan_save_free_info+0x3f/0x50

__kasan_slab_free+0x67/0x80

kfree+0x225/0x6c0

scsi_target_dev_release+0x3d/0x60 [scsi_mod]

device_release+0xa3/0x220

kobject_cleanup+0x105/0x3a0

kobject_put+0x72/0xd0

put_device+0x17/0x20

scsi_device_dev_release+0xacf/0x12c0 [scsi_mod]

device_release+0xa3/0x220

kobject_cleanup+0x105/0x3a0

kobject_put+0x72/0xd0

put_device+0x17/0x20

scsi_device_put+0x7f/0xc0 [scsi_mod]

sdev_store_delete+0xa5/0x120 [scsi_mod]

dev_attr_store+0x43/0x80

sysfs_kf_write+0xde/0x140

kernfs_fop_write_iter+0x3ef/0x670

vfs_write+0x506/0x1470

ksys_write+0xfd/0x230

__x64_sys_write+0x76/0xc0

x64_sys_call+0x213/0x1810

NVD Source

Technical Analysis

CVE-2026-23452 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (6)

Quick Facts

CVE IDCVE-2026-23452
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedApr 3, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23452 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.