Vulnerability-Lookup

GHSA-W7X9-WQ5X-HGHJ

Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-03-25 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

libie: don't unroll if fwlog isn't supported

The libie_fwlog_deinit() function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace:

[ 148.576156] Oops: Oops: 0000 [#1] SMP NOPTI [ 148.576167] CPU: 80 UID: 0 PID: 12843 Comm: rmmod Kdump: loaded Not tainted 6.17.0-rc7next-queue-3oct-01915-g06d79d51cf51 #1 PREEMPT(full) [ 148.576177] Hardware name: HPE ProLiant DL385 Gen10 Plus/ProLiant DL385 Gen10 Plus, BIOS A42 07/18/2020 [ 148.576182] RIP: 0010:__dev_printk+0x16/0x70 [ 148.576196] Code: 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 41 55 41 54 49 89 d4 55 48 89 fd 53 48 85 f6 74 3c <4c> 8b 6e 50 48 89 f3 4d 85 ed 75 03 4c 8b 2e 48 89 df e8 f3 27 98 [ 148.576204] RSP: 0018:ffffd2fd7ea17a48 EFLAGS: 00010202 [ 148.576211] RAX: ffffd2fd7ea17aa0 RBX: ffff8eb288ae2000 RCX: 0000000000000000 [ 148.576217] RDX: ffffd2fd7ea17a70 RSI: 00000000000000c8 RDI: ffffffffb68d3d88 [ 148.576222] RBP: ffffffffb68d3d88 R08: 0000000000000000 R09: 0000000000000000 [ 148.576227] R10: 00000000000000c8 R11: ffff8eb2b1a49400 R12: ffffd2fd7ea17a70 [ 148.576231] R13: ffff8eb3141fb000 R14: ffffffffc1215b48 R15: ffffffffc1215bd8 [ 148.576236] FS: 00007f5666ba6740(0000) GS:ffff8eb2472b9000(0000) knlGS:0000000000000000 [ 148.576242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.576247] CR2: 0000000000000118 CR3: 000000011ad17000 CR4: 0000000000350ef0 [ 148.576252] Call Trace: [ 148.576258] [ 148.576269] _dev_warn+0x7c/0x96 [ 148.576290] libie_fwlog_deinit+0x112/0x117 [libie_fwlog] [ 148.576303] ixgbe_remove+0x63/0x290 [ixgbe] [ 148.576342] pci_device_remove+0x42/0xb0 [ 148.576354] device_release_driver_internal+0x19c/0x200 [ 148.576365] driver_detach+0x48/0x90 [ 148.576372] bus_remove_driver+0x6d/0xf0 [ 148.576383] pci_unregister_driver+0x2e/0xb0 [ 148.576393] ixgbe_exit_module+0x1c/0xd50 [ixgbe] [ 148.576430] __do_sys_delete_module.isra.0+0x1bc/0x2e0 [ 148.576446] do_syscall_64+0x7f/0x980

It can be reproduced by trying to unload ixgbe driver in recovery mode.

Fix that by checking if fwlog is supported before doing unroll.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-23329"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T11:16:30Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibie: don\u0027t unroll if fwlog isn\u0027t supported\n\nThe libie_fwlog_deinit() function can be called during driver unload\neven when firmware logging was never properly initialized. This led to call\ntrace:\n\n[  148.576156] Oops: Oops: 0000 [#1] SMP NOPTI\n[  148.576167] CPU: 80 UID: 0 PID: 12843 Comm: rmmod Kdump: loaded Not tainted 6.17.0-rc7next-queue-3oct-01915-g06d79d51cf51 #1 PREEMPT(full)\n[  148.576177] Hardware name: HPE ProLiant DL385 Gen10 Plus/ProLiant DL385 Gen10 Plus, BIOS A42 07/18/2020\n[  148.576182] RIP: 0010:__dev_printk+0x16/0x70\n[  148.576196] Code: 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 41 55 41 54 49 89 d4 55 48 89 fd 53 48 85 f6 74 3c \u003c4c\u003e 8b 6e 50 48 89 f3 4d 85 ed 75 03 4c 8b 2e 48 89 df e8 f3 27 98\n[  148.576204] RSP: 0018:ffffd2fd7ea17a48 EFLAGS: 00010202\n[  148.576211] RAX: ffffd2fd7ea17aa0 RBX: ffff8eb288ae2000 RCX: 0000000000000000\n[  148.576217] RDX: ffffd2fd7ea17a70 RSI: 00000000000000c8 RDI: ffffffffb68d3d88\n[  148.576222] RBP: ffffffffb68d3d88 R08: 0000000000000000 R09: 0000000000000000\n[  148.576227] R10: 00000000000000c8 R11: ffff8eb2b1a49400 R12: ffffd2fd7ea17a70\n[  148.576231] R13: ffff8eb3141fb000 R14: ffffffffc1215b48 R15: ffffffffc1215bd8\n[  148.576236] FS:  00007f5666ba6740(0000) GS:ffff8eb2472b9000(0000) knlGS:0000000000000000\n[  148.576242] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  148.576247] CR2: 0000000000000118 CR3: 000000011ad17000 CR4: 0000000000350ef0\n[  148.576252] Call Trace:\n[  148.576258]  \u003cTASK\u003e\n[  148.576269]  _dev_warn+0x7c/0x96\n[  148.576290]  libie_fwlog_deinit+0x112/0x117 [libie_fwlog]\n[  148.576303]  ixgbe_remove+0x63/0x290 [ixgbe]\n[  148.576342]  pci_device_remove+0x42/0xb0\n[  148.576354]  device_release_driver_internal+0x19c/0x200\n[  148.576365]  driver_detach+0x48/0x90\n[  148.576372]  bus_remove_driver+0x6d/0xf0\n[  148.576383]  pci_unregister_driver+0x2e/0xb0\n[  148.576393]  ixgbe_exit_module+0x1c/0xd50 [ixgbe]\n[  148.576430]  __do_sys_delete_module.isra.0+0x1bc/0x2e0\n[  148.576446]  do_syscall_64+0x7f/0x980\n\nIt can be reproduced by trying to unload ixgbe driver in recovery mode.\n\nFix that by checking if fwlog is supported before doing unroll.",
  "id": "GHSA-w7x9-wq5x-hghj",
  "modified": "2026-03-25T12:30:22Z",
  "published": "2026-03-25T12:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23329"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0138d1cdb19fa49181a5aaba32427f1787cb3935"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/460c56ecbef57684aad1d6af525b89dcd3565701"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/636cc3bd12f499c74eaf5dc9a7d5b832f1bb24ed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2026-23329 (GCVE-0-2026-23329)

Vulnerability from cvelistv5 – Published: 2026-03-25 10:27 – Updated: 2026-03-25 10:27

Title

libie: don't unroll if fwlog isn't supported

Summary

In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libie_fwlog_deinit() function can be called during driver unload even when firmware logging was never properly initialized. This led to call trace: [ 148.576156] Oops: Oops: 0000 [#1] SMP NOPTI [ 148.576167] CPU: 80 UID: 0 PID: 12843 Comm: rmmod Kdump: loaded Not tainted 6.17.0-rc7next-queue-3oct-01915-g06d79d51cf51 #1 PREEMPT(full) [ 148.576177] Hardware name: HPE ProLiant DL385 Gen10 Plus/ProLiant DL385 Gen10 Plus, BIOS A42 07/18/2020 [ 148.576182] RIP: 0010:__dev_printk+0x16/0x70 [ 148.576196] Code: 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 41 55 41 54 49 89 d4 55 48 89 fd 53 48 85 f6 74 3c <4c> 8b 6e 50 48 89 f3 4d 85 ed 75 03 4c 8b 2e 48 89 df e8 f3 27 98 [ 148.576204] RSP: 0018:ffffd2fd7ea17a48 EFLAGS: 00010202 [ 148.576211] RAX: ffffd2fd7ea17aa0 RBX: ffff8eb288ae2000 RCX: 0000000000000000 [ 148.576217] RDX: ffffd2fd7ea17a70 RSI: 00000000000000c8 RDI: ffffffffb68d3d88 [ 148.576222] RBP: ffffffffb68d3d88 R08: 0000000000000000 R09: 0000000000000000 [ 148.576227] R10: 00000000000000c8 R11: ffff8eb2b1a49400 R12: ffffd2fd7ea17a70 [ 148.576231] R13: ffff8eb3141fb000 R14: ffffffffc1215b48 R15: ffffffffc1215bd8 [ 148.576236] FS: 00007f5666ba6740(0000) GS:ffff8eb2472b9000(0000) knlGS:0000000000000000 [ 148.576242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.576247] CR2: 0000000000000118 CR3: 000000011ad17000 CR4: 0000000000350ef0 [ 148.576252] Call Trace: [ 148.576258] <TASK> [ 148.576269] _dev_warn+0x7c/0x96 [ 148.576290] libie_fwlog_deinit+0x112/0x117 [libie_fwlog] [ 148.576303] ixgbe_remove+0x63/0x290 [ixgbe] [ 148.576342] pci_device_remove+0x42/0xb0 [ 148.576354] device_release_driver_internal+0x19c/0x200 [ 148.576365] driver_detach+0x48/0x90 [ 148.576372] bus_remove_driver+0x6d/0xf0 [ 148.576383] pci_unregister_driver+0x2e/0xb0 [ 148.576393] ixgbe_exit_module+0x1c/0xd50 [ixgbe] [ 148.576430] __do_sys_delete_module.isra.0+0x1bc/0x2e0 [ 148.576446] do_syscall_64+0x7f/0x980 It can be reproduced by trying to unload ixgbe driver in recovery mode. Fix that by checking if fwlog is supported before doing unroll.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0138d1cdb19fa4918…
	https://git.kernel.org/stable/c/460c56ecbef57684a…
	https://git.kernel.org/stable/c/636cc3bd12f499c74…

Impacted products

Vendor

Product

Version

Linux

Affected: 641585bc978e0a1170ca8f12fbb1468b3874a2db , < 0138d1cdb19fa49181a5aaba32427f1787cb3935 (git)
Affected: 641585bc978e0a1170ca8f12fbb1468b3874a2db , < 460c56ecbef57684aad1d6af525b89dcd3565701 (git)
Affected: 641585bc978e0a1170ca8f12fbb1468b3874a2db , < 636cc3bd12f499c74eaf5dc9a7d5b832f1bb24ed (git)

Linux

Affected: 6.18
Unaffected: 0 , < 6.18 (semver)
Unaffected: 6.18.17 , ≤ 6.18.* (semver)
Unaffected: 6.19.7 , ≤ 6.19.* (semver)
Unaffected: 7.0-rc3 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/libie/fwlog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0138d1cdb19fa49181a5aaba32427f1787cb3935",
              "status": "affected",
              "version": "641585bc978e0a1170ca8f12fbb1468b3874a2db",
              "versionType": "git"
            },
            {
              "lessThan": "460c56ecbef57684aad1d6af525b89dcd3565701",
              "status": "affected",
              "version": "641585bc978e0a1170ca8f12fbb1468b3874a2db",
              "versionType": "git"
            },
            {
              "lessThan": "636cc3bd12f499c74eaf5dc9a7d5b832f1bb24ed",
              "status": "affected",
              "version": "641585bc978e0a1170ca8f12fbb1468b3874a2db",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/libie/fwlog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.18"
            },
            {
              "lessThan": "6.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0-rc3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.17",
                  "versionStartIncluding": "6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.7",
                  "versionStartIncluding": "6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0-rc3",
                  "versionStartIncluding": "6.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibie: don\u0027t unroll if fwlog isn\u0027t supported\n\nThe libie_fwlog_deinit() function can be called during driver unload\neven when firmware logging was never properly initialized. This led to call\ntrace:\n\n[  148.576156] Oops: Oops: 0000 [#1] SMP NOPTI\n[  148.576167] CPU: 80 UID: 0 PID: 12843 Comm: rmmod Kdump: loaded Not tainted 6.17.0-rc7next-queue-3oct-01915-g06d79d51cf51 #1 PREEMPT(full)\n[  148.576177] Hardware name: HPE ProLiant DL385 Gen10 Plus/ProLiant DL385 Gen10 Plus, BIOS A42 07/18/2020\n[  148.576182] RIP: 0010:__dev_printk+0x16/0x70\n[  148.576196] Code: 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 41 55 41 54 49 89 d4 55 48 89 fd 53 48 85 f6 74 3c \u003c4c\u003e 8b 6e 50 48 89 f3 4d 85 ed 75 03 4c 8b 2e 48 89 df e8 f3 27 98\n[  148.576204] RSP: 0018:ffffd2fd7ea17a48 EFLAGS: 00010202\n[  148.576211] RAX: ffffd2fd7ea17aa0 RBX: ffff8eb288ae2000 RCX: 0000000000000000\n[  148.576217] RDX: ffffd2fd7ea17a70 RSI: 00000000000000c8 RDI: ffffffffb68d3d88\n[  148.576222] RBP: ffffffffb68d3d88 R08: 0000000000000000 R09: 0000000000000000\n[  148.576227] R10: 00000000000000c8 R11: ffff8eb2b1a49400 R12: ffffd2fd7ea17a70\n[  148.576231] R13: ffff8eb3141fb000 R14: ffffffffc1215b48 R15: ffffffffc1215bd8\n[  148.576236] FS:  00007f5666ba6740(0000) GS:ffff8eb2472b9000(0000) knlGS:0000000000000000\n[  148.576242] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  148.576247] CR2: 0000000000000118 CR3: 000000011ad17000 CR4: 0000000000350ef0\n[  148.576252] Call Trace:\n[  148.576258]  \u003cTASK\u003e\n[  148.576269]  _dev_warn+0x7c/0x96\n[  148.576290]  libie_fwlog_deinit+0x112/0x117 [libie_fwlog]\n[  148.576303]  ixgbe_remove+0x63/0x290 [ixgbe]\n[  148.576342]  pci_device_remove+0x42/0xb0\n[  148.576354]  device_release_driver_internal+0x19c/0x200\n[  148.576365]  driver_detach+0x48/0x90\n[  148.576372]  bus_remove_driver+0x6d/0xf0\n[  148.576383]  pci_unregister_driver+0x2e/0xb0\n[  148.576393]  ixgbe_exit_module+0x1c/0xd50 [ixgbe]\n[  148.576430]  __do_sys_delete_module.isra.0+0x1bc/0x2e0\n[  148.576446]  do_syscall_64+0x7f/0x980\n\nIt can be reproduced by trying to unload ixgbe driver in recovery mode.\n\nFix that by checking if fwlog is supported before doing unroll."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T10:27:21.212Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0138d1cdb19fa49181a5aaba32427f1787cb3935"
        },
        {
          "url": "https://git.kernel.org/stable/c/460c56ecbef57684aad1d6af525b89dcd3565701"
        },
        {
          "url": "https://git.kernel.org/stable/c/636cc3bd12f499c74eaf5dc9a7d5b832f1bb24ed"
        }
      ],
      "title": "libie: don\u0027t unroll if fwlog isn\u0027t supported",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23329",
    "datePublished": "2026-03-25T10:27:21.212Z",
    "dateReserved": "2026-01-13T15:37:45.996Z",
    "dateUpdated": "2026-03-25T10:27:21.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-W7X9-WQ5X-HGHJ

CVE-2026-23329 (GCVE-0-2026-23329)

Tags

Sightings

Nomenclature