CVE-2026-53156

HIGH

nvmem: core: fix use-after-free bugs in error paths

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call __nvmem_device_put() - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem structure. Always put the reference to the nvmem device as the last step before returning the error code.

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 2.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (15)
linux/Kernel 4.20.0 - 6.12.94linux
linux/Kernel 6.13.0 - 6.18.36linux
linux/Kernel 6.19.0 - 7.0.13linux
Linux/Linux < 4.20
Linux/Linux 4.20
Linux/Linux 6.12.94 - 6.12.*
Linux/Linux 6.18.36 - 6.18.*
Linux/Linux 7.0.13 - 7.0.*
Linux/Linux 7.1
Linux/Linux e888d445ac33a5b0288d670ecd970908b13f07cd - 40e2a459c0dd1333b2343831480a0ad80dc07614
... and 5 more
Published Jun 25, 2026
Tracked Since Jun 25, 2026