SB20260626181 - Use-after-free in Linux kernel phonet
Published: June 26, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-53157)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to use-after-free in phonet_device_destroy() when walking the per-net phonet device list with RCU readers after device removal. A local user can trigger destruction of a phonet_device while concurrent readers still hold a stale pointer to cause a denial of service.
The issue arises because the object is removed with RCU list semantics but may be freed before the RCU grace period has elapsed.
Remediation
Install update from vendor's website.