SB2026062940 - Use-after-free in Linux kernel pinctrl driver
Published: June 29, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-53308)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a use-after-free error in the max77705 power supply driver's workqueue handling when an interrupt is processed during driver probe error handling or device removal. A local user can trigger an interrupt in this time window to execute arbitrary code.
The issue occurs because the interrupt handler can schedule work after the workqueue has already been destroyed but before the interrupt handler is freed.
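The teardown window described above, as a userspace C model added here (it is not code from this bulletin or from the kernel driver). Every name is hypothetical and no kernel API is used; the model raises an interrupt after each teardown step and counts how often the handler reaches a workqueue that is already destroyed. The "handler first" order is an assumed safe ordering, not the vendor's patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every name is hypothetical, no kernel API is used. */
enum step { DESTROY_WQ, FREE_IRQ };
struct model_dev {
    bool wq_alive;        /* workqueue still allocated */
    bool irq_registered;  /* interrupt handler still installed */
    int stale_uses;       /* handler reached a destroyed workqueue */
};
/* Models the interrupt handler, which schedules work on the workqueue. */
static void model_irq_fire(struct model_dev *d)
{
    if (!d->irq_registered)
        return;            /* handler released: the interrupt runs nothing */
    if (!d->wq_alive)
        d->stale_uses++;   /* in a real driver this access is the use-after-free */
}
/* Apply the teardown steps in order, with an interrupt arriving after each. */
static int stale_uses_for(const enum step *order, size_t n)
{
    struct model_dev d = { true, true, 0 };
    for (size_t i = 0; i < n; i++) {
        if (order[i] == DESTROY_WQ)
            d.wq_alive = false;
        else
            d.irq_registered = false;
        model_irq_fire(&d);
    }
    return d.stale_uses;
}
/* Order from the bulletin: workqueue destroyed before the handler is freed. */
static int wq_destroyed_first(void)
{
    const enum step order[] = { DESTROY_WQ, FREE_IRQ };
    return stale_uses_for(order, 2);
}
/* Assumed safe order: release the handler first, then destroy the workqueue. */
static int irq_freed_first(void)
{
    const enum step order[] = { FREE_IRQ, DESTROY_WQ };
    return stale_uses_for(order, 2);
}
int main(void)
{
    printf("wq first: %d, irq first: %d\n", wq_destroyed_first(), irq_freed_first());
    return 0;
}
```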
Remediation
Install the update from the vendor's website.