CVE-2026-53156
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
A use-after-free vulnerability was found in the Linux kernel's NVMEM subsystem. Error handling paths incorrectly use the nvmem structure after freeing its memory, potentially leading to security breaches.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized access to kernel memory, potentially leading to privilege escalation or sensitive data leakage.
Recommendation
Immediately update the Linux kernel to a version containing the fix that eliminates use-after-free bugs in the NVMEM subsystem.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call __nvmem_device_put() - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem structure. Always put the reference to the nvmem device as the last step before returning the error code.

