📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global general Consumer Electronics and Retail MEDIUM 1h Global supply_chain Software Development and Technology HIGH 2h Global general Artificial Intelligence and Software Development LOW 3h Global general Artificial Intelligence and Cybersecurity MEDIUM 3h Global malware Software Development / Technology HIGH 3h Global vulnerability Information Technology HIGH 4h Global data_breach Water Utilities / Critical Infrastructure HIGH 4h Global general Cybersecurity Services HIGH 5h Global data_breach Pharmaceutical HIGH 5h Global vulnerability Technology, Artificial Intelligence CRITICAL 6h Global general Consumer Electronics and Retail MEDIUM 1h Global supply_chain Software Development and Technology HIGH 2h Global general Artificial Intelligence and Software Development LOW 3h Global general Artificial Intelligence and Cybersecurity MEDIUM 3h Global malware Software Development / Technology HIGH 3h Global vulnerability Information Technology HIGH 4h Global data_breach Water Utilities / Critical Infrastructure HIGH 4h Global general Cybersecurity Services HIGH 5h Global data_breach Pharmaceutical HIGH 5h Global vulnerability Technology, Artificial Intelligence CRITICAL 6h Global general Consumer Electronics and Retail MEDIUM 1h Global supply_chain Software Development and Technology HIGH 2h Global general Artificial Intelligence and Software Development LOW 3h Global general Artificial Intelligence and Cybersecurity MEDIUM 3h Global malware Software Development / Technology HIGH 3h Global vulnerability Information Technology HIGH 4h Global data_breach Water Utilities / Critical Infrastructure HIGH 4h Global general Cybersecurity Services HIGH 5h Global data_breach Pharmaceutical HIGH 5h Global vulnerability Technology, Artificial Intelligence CRITICAL 6h
Vulnerabilities

CVE-2026-43276

High
CWE-415 — Weakness Type
Published: May 6, 2026  ·  Modified: May 13, 2026  ·  Source: NVD
CVSS v3
7.8
🔗 NVD Official
📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix double destroy_workqueue on service rescan PCI path

While testing corner cases in the driver, a use-after-free crash
was found on the service rescan PCI path.

When mana_serv_reset() calls mana_gd_suspend(), mana_gd_cleanup()
destroys gc->service_wq. If the subsequent mana_gd_resume() fails
with -ETIMEDOUT or -EPROTO, the code falls through to
mana_serv_rescan() which triggers pci_stop_and_remove_bus_device().
This invokes the PCI .remove callback (mana_gd_remove), which calls
mana_gd_cleanup() a second time, attempting to destroy the already-
freed workqueue. Fix this by NULL-checking gc->service_wq in
mana_gd_cleanup() and setting it to NULL after destruction.

Call stack of issue for reference:
[Sat Feb 21 18:53:48 2026] Call Trace:
[Sat Feb 21 18:53:48 2026] <TASK>
[Sat Feb 21 18:53:48 2026] mana_gd_cleanup+0x33/0x70 [mana]
[Sat Feb 21 18:53:48 2026] mana_gd_remove+0x3a/0xc0 [mana]
[Sat Feb 21 18:53:48 2026] pci_device_remove+0x41/0xb0
[Sat Feb 21 18:53:48 2026] device_remove+0x46/0x70
[Sat Feb 21 18:53:48 2026] device_release_driver_internal+0x1e3/0x250
[Sat Feb 21 18:53:48 2026] device_release_driver+0x12/0x20
[Sat Feb 21 18:53:48 2026] pci_stop_bus_device+0x6a/0x90
[Sat Feb 21 18:53:48 2026] pci_stop_and_remove_bus_device+0x13/0x30
[Sat Feb 21 18:53:48 2026] mana_do_service+0x180/0x290 [mana]
[Sat Feb 21 18:53:48 2026] mana_serv_func+0x24/0x50 [mana]
[Sat Feb 21 18:53:48 2026] process_one_work+0x190/0x3d0
[Sat Feb 21 18:53:48 2026] worker_thread+0x16e/0x2e0
[Sat Feb 21 18:53:48 2026] kthread+0xf7/0x130
[Sat Feb 21 18:53:48 2026] ? __pfx_worker_thread+0x10/0x10
[Sat Feb 21 18:53:48 2026] ? __pfx_kthread+0x10/0x10
[Sat Feb 21 18:53:48 2026] ret_from_fork+0x269/0x350
[Sat Feb 21 18:53:48 2026] ? __pfx_kthread+0x10/0x10
[Sat Feb 21 18:53:48 2026] ret_from_fork_asm+0x1a/0x30
[Sat Feb 21 18:53:48 2026] </TASK>

🤖 AI Executive Summary

CVE-2026-43276 is a use-after-free vulnerability in the Linux kernel's MANA (Microsoft Azure Network Adapter) driver affecting service rescan PCI paths. A double destroy_workqueue condition occurs when mana_gd_resume() fails, causing the PCI removal callback to attempt destroying an already-freed workqueue. This can lead to kernel crashes and potential privilege escalation on systems running affected kernel versions with MANA network adapters.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 11, 2026 03:18
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily affects Saudi organizations operating Azure cloud infrastructure or hybrid cloud deployments using MANA network adapters. High-risk sectors include: (1) Banking and Financial Services (SAMA-regulated institutions) relying on Azure for critical infrastructure; (2) Government entities (NCA oversight) using cloud-based services; (3) Telecommunications providers (STC, Mobily) with Azure backbone networks; (4) Energy sector (ARAMCO, utilities) with cloud-connected SCADA systems; (5) Healthcare institutions using Azure for patient data systems. The vulnerability enables kernel crashes leading to denial of service and potential local privilege escalation on affected Linux servers.
🏢 Affected Saudi Sectors
Banking and Financial Services Government and Public Administration Telecommunications Energy and Utilities Healthcare Cloud Service Providers Data Centers
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Identify all Linux servers running MANA driver (check: ethtool -i <interface> | grep driver)

2. Verify kernel version against affected versions (7.0-rc1 and related)

3. Implement network segmentation to limit PCI device hotplug operations



PATCHING GUIDANCE:

1. Apply Linux kernel security patch that adds NULL-checking in mana_gd_cleanup() function

2. Ensure gc->service_wq is set to NULL after workqueue destruction

3. Test patch in non-production environment before deployment

4. Schedule maintenance window for kernel updates on affected systems



COMPENSATING CONTROLS (if immediate patching unavailable):

1. Disable PCI hotplug functionality where operationally feasible

2. Restrict service rescan operations through driver parameter tuning

3. Implement kernel module reload restrictions via SELinux/AppArmor policies

4. Monitor system logs for mana driver errors and kernel panics



DETECTION RULES:

1. Monitor kernel logs for: "mana_gd_cleanup", "destroy_workqueue", "use-after-free"

2. Alert on unexpected kernel panics involving mana driver

3. Track PCI device removal events correlated with service rescan operations

4. Monitor for repeated mana driver initialization failures followed by device removal
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تحديد جميع خوادم Linux التي تعمل برنامج تشغيل MANA (تحقق: ethtool -i <interface> | grep driver)

2. التحقق من إصدار النواة مقابل الإصدارات المتأثرة (7.0-rc1 والإصدارات ذات الصلة)

3. تنفيذ تقسيم الشبكة لتحديد عمليات PCI hotplug



إرشادات التصحيح:

1. تطبيق تصحيح أمان نواة Linux الذي يضيف فحص NULL في دالة mana_gd_cleanup()

2. التأكد من تعيين gc->service_wq إلى NULL بعد تدمير workqueue

3. اختبار التصحيح في بيئة غير الإنتاج قبل النشر

4. جدولة نافذة صيانة لتحديثات النواة على الأنظمة المتأثرة



الضوابط البديلة (إذا لم يكن التصحيح الفوري متاحاً):

1. تعطيل وظيفة PCI hotplug حيث يكون ذلك ممكناً من الناحية التشغيلية

2. تقييد عمليات إعادة الفحص من خلال ضبط معاملات برنامج التشغيل

3. تنفيذ قيود إعادة تحميل وحدة النواة عبر سياسات SELinux/AppArmor

4. مراقبة سجلات النظام لأخطاء برنامج تشغيل mana وتوقف النواة



قواعد الكشف:

1. مراقبة سجلات النواة للبحث عن: "mana_gd_cleanup", "destroy_workqueue", "use-after-free"

2. تنبيه عند توقف النواة غير المتوقع الذي يتضمن برنامج تشغيل mana

3. تتبع أحداث إزالة أجهزة PCI المرتبطة بعمليات إعادة الفحص

4. مراقبة فشل تهيئة برنامج تشغيل mana المتكرر متبوعاً بإزالة الجهاز
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of changes to information systems ECC 2024 A.12.2.1 - Change management procedures ECC 2024 A.14.2.1 - Secure development policy
🔵 SAMA CSF
SAMA CSF ID.BE-3.1 - Organizational resilience objectives SAMA CSF PR.IP-1.1 - System development and acquisition SAMA CSF DE.CM-1.1 - Detection processes and tools
🟡 ISO 27001:2022
ISO 27001:2022 A.12.6.1 - Management of changes ISO 27001:2022 A.14.2.1 - Secure development policy ISO 27001:2022 A.8.2.3 - Segregation of duties
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates PCI DSS 6.3.1 - Vulnerability management program
📦 Affected Products / CPE 3 entries
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel:7.0
📊 CVSS Score
7.8
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorL — Low / Local
Attack ComplexityL — Low / Local
Privileges RequiredL — Low / Local
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityH — High
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score7.8
CWECWE-415
EPSS0.01%
Exploit No
Patch ✓ Yes
Published 2026-05-06
Source Feed nvd
🇸🇦 Saudi Risk Score
7.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
patch-available CWE-415
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.