Improper resource shutdown or release in Linux kernel - CVE-2026-43014
Published: May 2, 2026
Vulnerability identifier: #VU128897
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43014
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in the macb network driver clock registration handling when unregistering fixed rate clocks. A local user can trigger the affected code path to cause a denial of service.
How to mitigate CVE-2026-43014
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/015aa24d3721a05b40935b8af78b49cadf616b8d
- https://git.kernel.org/stable/c/5392a5174df4f5a2fad2f00e8c617394d0efe031
- https://git.kernel.org/stable/c/54c6f0e7682433abed0304ac2f5cb71a92d4b366
- https://git.kernel.org/stable/c/6ec567425c057fd850651ee09b31d059ef960e0f
- https://git.kernel.org/stable/c/e1f6f47d6e60d51c3294e5b85787e9aee24c450e
- https://git.kernel.org/stable/c/e35dbfdb1b7710f04ff5c9972ea04971d823a22d
- https://git.kernel.org/stable/c/ec1be2ce0d94506f11b22066fd6dc5eb4341b14f
- https://git.kernel.org/stable/c/f0f367a4f459cc8118aadc43c6bba53c60d93f8d