SB20260626185 - Use-after-free in Linux kernel misc driver
Published: June 26, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-53161)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the fastrpc workqueue cleanup path when processing DSP responses during file descriptor release. A local user can trigger the race by closing the file descriptor while an in-flight DSP invocation completes, causing a denial of service.
The issue occurs because context cleanup may run in parallel with device release after the user structure has already been freed.
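The lifetime hazard described above, as an added example that is not taken from the bulletin or from the referenced kernel commits: a userspace C model in which every in-flight context holds its own reference on the per-file user structure, so release and deferred cleanup can run in either order without touching freed memory. The names `user`, `ctx` and `model_run` are hypothetical, and reference counting is shown as a general remedy for this bug class, which is an assumption and not a description of the actual patches.

```c
/* Userspace model, constructed for illustration; not the fastrpc driver's code. */
#include <stdatomic.h>
#include <stdlib.h>
struct user {              /* per-open-file state (hypothetical name) */
    atomic_int refs;       /* 1 for the open file + 1 per in-flight context */
    atomic_int completed;  /* state the deferred cleanup still has to touch */
};
struct ctx { struct user *owner; };  /* one in-flight invocation */
static int users_freed;    /* bookkeeping kept outside the freed object */

/* Drop one reference; only the last holder frees the structure. */
static void user_put(struct user *u) {
    if (atomic_fetch_sub(&u->refs, 1) == 1) {
        free(u);
        users_freed++;
    }
}

/* Starting an invocation pins the user for as long as the context lives. */
static struct ctx *ctx_start(struct user *u) {
    struct ctx *c = malloc(sizeof(*c));
    if (!c) abort();
    atomic_fetch_add(&u->refs, 1);
    c->owner = u;
    return c;
}

/* Deferred cleanup, as a work item would run it when the response arrives. */
static void ctx_cleanup(struct ctx *c) {
    atomic_fetch_add(&c->owner->completed, 1);  /* safe: ctx holds a ref */
    user_put(c->owner);
    free(c);
}

/* Run release and cleanup in either order; returns how often user was freed. */
int model_run(int release_first, int *freed_after_first) {
    struct user *u = malloc(sizeof(*u));
    if (!u) abort();
    atomic_init(&u->refs, 1);            /* reference held by the open file */
    atomic_init(&u->completed, 0);
    struct ctx *c = ctx_start(u);
    users_freed = 0;
    if (release_first) user_put(u); else ctx_cleanup(c);
    *freed_after_first = users_freed;    /* 0 here: one holder remains */
    if (release_first) ctx_cleanup(c); else user_put(u);
    return users_freed;
}

int main(void) { int mid; return model_run(1, &mid) != 1 || mid != 0; }
```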
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/5278ccd357e0d7aeeb1e76c0f3e0e02894a9897c
- https://git.kernel.org/stable/c/c6e5c2be09f814377d7f1ce97370a5b7b3e02814
- https://git.kernel.org/stable/c/d42679eef34dd590b694ce3b666c5e2ba10cd4bf
- https://git.kernel.org/stable/c/df08fadcf0e5f3708365ec3b6d30b5aafd98bea1
- https://git.kernel.org/stable/c/e1e3a05efe5954d5bad01157d79429d39a67a7ae
- https://git.kernel.org/stable/c/e85eb5feca8e254905ffa6c57a3c99c89a674a0f
- https://git.kernel.org/stable/c/ecea4967c2bff92c2fafbc59893f711b39f7b152
- https://git.kernel.org/stable/c/fbe0947420eec18a84638d29468c2d563ce4e6a3