{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T20:25:55.906","vulnerabilities":[{"cve":{"id":"CVE-2026-23104","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-04T17:16:21.270","lastModified":"2026-03-25T11:16:18.577","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix devlink reload call trace\n\nCommit 4da71a77fc3b (\"ice: read internal temperature sensor\") introduced\ninternal temperature sensor reading via HWMON. ice_hwmon_init() was added\nto ice_init_feature() and ice_hwmon_exit() was added to ice_remove(). As a\nresult if devlink reload is used to reinit the device and then the driver\nis removed, a call trace can occur.\n\nBUG: unable to handle page fault for address: ffffffffc0fd4b5d\nCall Trace:\n string+0x48/0xe0\n vsnprintf+0x1f9/0x650\n sprintf+0x62/0x80\n name_show+0x1f/0x30\n dev_attr_show+0x19/0x60\n\nThe call trace repeats approximately every 10 minutes when system\nmonitoring tools (e.g., sadc) attempt to read the orphaned hwmon sysfs\nattributes that reference freed module memory.\n\nThe sequence is:\n1. Driver load, ice_hwmon_init() gets called from ice_init_feature()\n2. Devlink reload down, flow does not call ice_remove()\n3. Devlink reload up, ice_hwmon_init() gets called from\n   ice_init_feature() resulting in a second instance\n4. Driver unload, ice_hwmon_exit() called from ice_remove() leaving the\n   first hwmon instance orphaned with dangling pointer\n\nFix this by moving ice_hwmon_exit() from ice_remove() to\nice_deinit_features() to ensure proper cleanup symmetry with\nice_hwmon_init()."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nice: corrige el rastreo de llamadas de recarga de devlink\n\nEl commit 4da71a77fc3b ('ice: read internal temperature sensor') introdujo la lectura del sensor de temperatura interno a través de HWMON. ice_hwmon_init() se añadió a ice_init_feature() y ice_hwmon_exit() se añadió a ice_remove(). Como resultado, si se utiliza la recarga de devlink para reinicializar el dispositivo y luego se elimina el controlador, puede ocurrir un rastreo de llamadas.\n\nERROR: no se puede manejar el fallo de página para la dirección: ffffffffc0fd4b5d\nRastreo de Llamadas:\n string+0x48/0xe0\n vsnprintf+0x1f9/0x650\n sprintf+0x62/0x80\n name_show+0x1f/0x30\n dev_attr_show+0x19/0x60\n\nEl rastreo de llamadas se repite aproximadamente cada 10 minutos cuando las herramientas de monitoreo del sistema (p. ej., sadc) intentan leer los atributos huérfanos de hwmon sysfs que referencian memoria de módulo liberada.\n\nLa secuencia es:\n1. Carga del controlador, ice_hwmon_init() es llamado desde ice_init_feature()\n2. Recarga de Devlink hacia abajo, el flujo no llama a ice_remove()\n3. Recarga de Devlink hacia arriba, ice_hwmon_init() es llamado desde ice_init_feature() resultando en una segunda instancia\n4. Descarga del controlador, ice_hwmon_exit() llamado desde ice_remove() dejando la primera instancia de hwmon huérfana con un puntero colgante\n\nSolucione esto moviendo ice_hwmon_exit() de ice_remove() a ice_deinit_features() para asegurar una simetría de limpieza adecuada con ice_hwmon_init()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.18.8","matchCriteriaId":"493CE645-E315-45B0-8BC7-6E4D7E0AA338"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/87c1dacca197cc64e06fedeb269e3dd6699bae60","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8ac7dd0f813fb65ff2fd9543900c3009f8e84110","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d3f867e7a04678640ebcbfb81893c59f4af48586","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}