HIGH

CVE-2026-43276

Published: May 6, 2026 · Updated: May 8, 2026

CVSS v3.1: 7.8
EPSS: 0.02% probability of exploitation in 30 days (Percentile: 4.1th)

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix double destroy_workqueue on service rescan PCI path

While testing corner cases in the driver, a use-after-free crash was found on the service rescan PCI path.

When mana_serv_reset() calls mana_gd_suspend(), mana_gd_cleanup() destroys gc->service_wq. If the subsequent mana_gd_resume() fails with -ETIMEDOUT or -EPROTO, the code falls through to mana_serv_rescan() which triggers pci_stop_and_remove_bus_device(). This invokes the PCI .remove callback (mana_gd_remove), which calls mana_gd_cleanup() a second time, attempting to destroy the already-freed workqueue. Fix this by NULL-checking gc->service_wq in mana_gd_cleanup() and setting it to NULL after destruction.

Call stack of issue for reference:

[Sat Feb 21 18:53:48 2026] Call Trace:
[Sat Feb 21 18:53:48 2026] <TASK>
[Sat Feb 21 18:53:48 2026] mana_gd_cleanup+0x33/0x70 [mana]
[Sat Feb 21 18:53:48 2026] mana_gd_remove+0x3a/0xc0 [mana]
[Sat Feb 21 18:53:48 2026] pci_device_remove+0x41/0xb0
[Sat Feb 21 18:53:48 2026] device_remove+0x46/0x70
[Sat Feb 21 18:53:48 2026] device_release_driver_internal+0x1e3/0x250
[Sat Feb 21 18:53:48 2026] device_release_driver+0x12/0x20
[Sat Feb 21 18:53:48 2026] pci_stop_bus_device+0x6a/0x90
[Sat Feb 21 18:53:48 2026] pci_stop_and_remove_bus_device+0x13/0x30
[Sat Feb 21 18:53:48 2026] mana_do_service+0x180/0x290 [mana]
[Sat Feb 21 18:53:48 2026] mana_serv_func+0x24/0x50 [mana]
[Sat Feb 21 18:53:48 2026] process_one_work+0x190/0x3d0
[Sat Feb 21 18:53:48 2026] worker_thread+0x16e/0x2e0
[Sat Feb 21 18:53:48 2026] kthread+0xf7/0x130
[Sat Feb 21 18:53:48 2026] ? __pfx_worker_thread+0x10/0x10
[Sat Feb 21 18:53:48 2026] ? __pfx_kthread+0x10/0x10
[Sat Feb 21 18:53:48 2026] ret_from_fork+0x269/0x350
[Sat Feb 21 18:53:48 2026] ? __pfx_kthread+0x10/0x10
[Sat Feb 21 18:53:48 2026] ret_from_fork_asm+0x1a/0x30
[Sat Feb 21 18:53:48 2026] </TASK>

NVD Source
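
The double-cleanup sequence and the fix described above, as an added user-space C model (not the mana driver's code and not the upstream patch). The workqueue is reduced to a flag so a second destroy is counted rather than executed; every model_*, cleanup_* and run_reset_path name is hypothetical, and a successful resume is assumed to skip the rescan step.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model (assumption): a "workqueue" is only a liveness flag. */
struct model_wq { int alive; };
struct model_gc { struct model_wq *service_wq; };
static int stale_destroys;            /* destroys issued on a dead queue */

static void model_destroy_workqueue(struct model_wq *wq)
{
    if (!wq->alive)
        stale_destroys++;             /* in the kernel this is the use-after-free */
    wq->alive = 0;
}

/* Cleanup as described before the fix: the pointer is left dangling. */
static void cleanup_unpatched(struct model_gc *gc)
{
    model_destroy_workqueue(gc->service_wq);
}

/* Cleanup as the fix is described: NULL-check, destroy, then clear. */
static void cleanup_patched(struct model_gc *gc)
{
    if (gc->service_wq) {
        model_destroy_workqueue(gc->service_wq);
        gc->service_wq = NULL;
    }
}

/* suspend -> failed resume -> rescan -> .remove; returns stale destroy count. */
static int run_reset_path(void (*cleanup)(struct model_gc *), int resume_err)
{
    struct model_wq wq = { .alive = 1 };
    struct model_gc gc = { .service_wq = &wq };
    stale_destroys = 0;
    cleanup(&gc);                     /* suspend step destroys service_wq */
    if (resume_err == -ETIMEDOUT || resume_err == -EPROTO)
        cleanup(&gc);                 /* rescan -> PCI .remove -> cleanup again */
    return stale_destroys;
}

int main(void)
{
    printf("unpatched: %d stale destroy(s)\n", run_reset_path(cleanup_unpatched, -ETIMEDOUT));
    printf("patched:   %d stale destroy(s)\n", run_reset_path(cleanup_patched, -ETIMEDOUT));
    return 0;
}
```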

Technical Analysis

CVE-2026-43276 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in a complete confidentiality breach (data exposure), full integrity compromise (data manipulation), and availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Impact
Confidentiality: High
Integrity: High
Availability: High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Linux: 1 product (linux kernel)
Source: NVD CPE · 2 total CPE entries

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Quick Facts

CVE ID: CVE-2026-43276
CVSS Score: 7.8 / 10
Severity: HIGH
CISA KEV: No
EPSS (30d): 0.02%
Affected: 1 vendor
Published: May 6, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43276 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.