Description
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call __nvmem_device_put() - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem structure. Always put the reference to the nvmem device as the last step before returning the error code.
References (4)
Core 4
Core References
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
2.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (15)
linux/Kernel
4.20.0 - 6.12.94linux
linux/Kernel
6.13.0 - 6.18.36linux
linux/Kernel
6.19.0 - 7.0.13linux
Linux/Linux
< 4.20
Linux/Linux
4.20
Linux/Linux
6.12.94 - 6.12.*
Linux/Linux
6.18.36 - 6.18.*
Linux/Linux
7.0.13 - 7.0.*
Linux/Linux
7.1
Linux/Linux
e888d445ac33a5b0288d670ecd970908b13f07cd - 40e2a459c0dd1333b2343831480a0ad80dc07614
... and 5 more
Published
Jun 25, 2026
Tracked Since
Jun 25, 2026