CVE Catalog

CVE-2026-53156

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

A use-after-free vulnerability was found in the Linux kernel's NVMEM subsystem. Error handling paths incorrectly use the nvmem structure after freeing its memory, potentially leading to security breaches.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to kernel memory, potentially leading to privilege escalation or sensitive data leakage.

Recommendation

Immediately update the Linux kernel to a version containing the fix that eliminates use-after-free bugs in the NVMEM subsystem.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call __nvmem_device_put() - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem structure. Always put the reference to the nvmem device as the last step before returning the error code.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS