SB20260626112 - Use-after-free in Linux kernel Marvell mvpp2 driver
Published: June 26, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-53215)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a use-after-free in the mvpp2 RX buffer handling in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c when processing received packets through XDP or skb paths. A local attacker can trigger packet processing that returns a retired buffer to the BM pool, causing a denial of service.
Hardware may DMA into memory that is no longer owned by the RX ring after the buffer has been recycled, redirected, queued for XDP_TX, or freed.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/02e1b5c4d3b4c658b72c145427cded1bba613fc1
- https://git.kernel.org/stable/c/580f92f27cb8724bcc4be98ee89890eab524a2ae
- https://git.kernel.org/stable/c/5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6
- https://git.kernel.org/stable/c/8a2126c5afe89f8ceeb60a3afb9f075b736194cd
- https://git.kernel.org/stable/c/a03cdcedb2cbcc42551dc3e4746929e93c5352d5
- https://git.kernel.org/stable/c/a88b3293b556f4d8fba11db9a8061a6b0d3b69e6
- https://git.kernel.org/stable/c/d0c8c4fbd22d260fe28530260656c5fb3c20ce84