CVE-2026-53294
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
In the Linux kernel, the mailbox-test driver has a double-free vulnerability when the RX channel is aliased to the TX channel with different MMIO. Freeing both channels triggers the bug.
Risk Assessment
A double-free memory error can lead to system crashes or potential local privilege escalation by corrupting kernel structures.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit addressing the issue in drivers/mailbox/mailbox-test.c).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs.

