CVE Catalog

CVE-2026-53157

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

3th percentile - higher than 3% of all known CVEs

Summary

In the Linux kernel, a vulnerability in the Phonet subsystem was found where phonet_device_destroy() removes a phonet_device from the per-net list using list_del_rcu() but frees it immediately, while RCU readers may still hold a pointer, leading to a slab-use-after-free.

Risk Assessment

The organization risks system crashes or privilege escalation if an attacker exploits the race window between removal and actual memory freeing, potentially leading to data integrity compromise or arbitrary code execution.

Recommendation

Immediately update the Linux kernel to a version containing the fix that replaces direct kfree() with kfree_rcu() to ensure safe memory deallocation after the RCU grace period.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period phonet_device_destroy() removes a phonet_device from the per-net device list with list_del_rcu(), but frees it immediately. RCU readers walking the same list can still hold a pointer to the object after it has been removed, leading to a slab-use-after-free. Use kfree_rcu(), matching the lifetime rule already used by phonet_address_del() for the same object type.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS