CVE-2026-23063

About vulnerability

In the Linux kernel, the following vulnerability has been resolved:

uacce: ensure safe queue release with state management

Directly calling put_queue carries risks since it cannot guarantee that resources of uacce_queue have been fully released beforehand. So adding a stop_queue operation for the UACCE_CMD_PUT_Q command and leaving the put_queue operation to the final resource release ensures safety.

Queue states are defined as follows:

• UACCE_Q_ZOMBIE: Initial state
• UACCE_Q_INIT: After opening uacce
• UACCE_Q_STARTED: After start is issued via ioctl

When executing poweroff -f in virt while accelerator are still working, uacce_fops_release and uacce_remove may execute concurrently. This can cause uacce_put_queue within uacce_fops_release to access a NULL ops pointer. Therefore, add state checks to prevent accessing freed pointers.

Affected product:

AlmaLinux 9.2 ESU , TuxCare 9.6 ESU , Ubuntu 20.04 ELS

Affected packages:

linux @ 5.4.0 (+2 more)

In the Linux kernel, the following vulnerability has been resolved:

uacce: ensure safe queue release with state management

Directly calling put_queue carries risks since it cannot guarantee that resources of uacce_queue have been fully released beforehand. So adding a stop_queue operation for the UACCE_CMD_PUT_Q command and leaving the put_queue operation to the final resource release ensures safety.

Queue states are defined as follows:

• UACCE_Q_ZOMBIE: Initial state
• UACCE_Q_INIT: After opening uacce
• UACCE_Q_STARTED: After start is issued via ioctl

When executing poweroff -f in virt while accelerator are still working, uacce_fops_release and uacce_remove may execute concurrently. This can cause uacce_put_queue within uacce_fops_release to access a NULL ops pointer. Therefore, add state checks to prevent accessing freed pointers.