CVE Catalog

CVE-2026-53296

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

In the Linux kernel, the mailbox-test driver fails to free channels on probe error, causing a memory leak and potential use-after-free (UAF) scenarios because the client structure is removed automatically by devm.

Risk Assessment

The organization faces memory leaks and system instability, potentially leading to crashes or unexpected behavior during mailbox-test driver initialization errors.

Recommendation

Immediately update the Linux kernel to a version containing the fix that ensures channels are freed on probe error in the mailbox-test driver.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it was allocated with devm.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS