In the Linux kernel, the following vulnerability has been...
High severity
Unreviewed
Published
Apr 25, 2026
to the GitHub Advisory Database
•
Updated May 6, 2026
Description
Published by the National Vulnerability Database
Apr 25, 2026
Published to the GitHub Advisory Database
Apr 25, 2026
Last updated
May 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: defer tunnel netdev_put to RCU release
ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already
detached the device. Dropping the netdev reference in destroy can race
with concurrent readers that still observe vport->dev.
Do not release vport->dev in ovs_netdev_tunnel_destroy(). Instead, let
vport_netdev_free() drop the reference from the RCU callback, matching
the non-tunnel destroy path and avoiding additional synchronization
under RTNL.
References