SB2026062967 - Double free in Linux kernel mailbox driver
Published: June 29, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Double free (CVE-ID: CVE-2026-53294)
CWE-ID: CWE-415 - Double Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a double free in mailbox-test channel handling when freeing reused channels. A local user can trigger the mailbox-test logic with an aliased RX and TX channel configuration to cause a denial of service.
The issue occurs in the special case where the RX channel is aliased to the TX channel with different MMIO.
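The aliasing pattern described above, as an added user-space model that is not the kernel's mailbox-test code or the upstream fix. All names (`model_chan`, `model_dev`, `teardown_unguarded`, `teardown_guarded`, `max_releases`) are hypothetical, and a release counter stands in for the real free so that the second release is visible without corrupting memory.

```c
#include <stddef.h>

/* Constructed model: a channel counts its releases, so a second release
 * is observable here instead of corrupting the heap. */
struct model_chan { int releases; };

struct model_dev {
    struct model_chan *tx;
    struct model_chan *rx;   /* may alias tx */
};

static void model_release(struct model_chan *c) { c->releases++; }

/* Teardown that assumes tx and rx are independently owned. */
static void teardown_unguarded(struct model_dev *d)
{
    if (d->tx)
        model_release(d->tx);
    if (d->rx)
        model_release(d->rx);   /* same object again when rx == tx */
    d->tx = d->rx = NULL;
}

/* Teardown that releases an aliased handle only once. */
static void teardown_guarded(struct model_dev *d)
{
    if (d->rx && d->rx != d->tx)
        model_release(d->rx);
    if (d->tx)
        model_release(d->tx);
    d->tx = d->rx = NULL;
}

/* Highest release count seen by any channel after one teardown.
 * 1 means every channel was released once; 2 models a double free. */
int max_releases(int guarded, int aliased)
{
    struct model_chan tx = {0}, rx = {0};
    struct model_dev d = { &tx, aliased ? &tx : &rx };

    if (guarded)
        teardown_guarded(&d);
    else
        teardown_unguarded(&d);
    return tx.releases > rx.releases ? tx.releases : rx.releases;
}

int main(void) { return max_releases(1, 1) == 1 ? 0 : 1; }
```

When reviewing teardown paths for this class of bug, look for two handle fields that a setup path can point at the same object and a release path that treats them as separate owners.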
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/240c71a2aea36a1a4210f911a1c32ea88777e8e4
- https://git.kernel.org/stable/c/3afca89fae501dbd7421e1777b5b8f033b1d98d0
- https://git.kernel.org/stable/c/5c209299b0113e289e238fa5f2e8f00c59f76060
- https://git.kernel.org/stable/c/5d4f3d0f64f1016cb78b400a70b67df91fac99b5
- https://git.kernel.org/stable/c/82f6dcea46cf5de65c4ba7283f7c7b34de4a324d
- https://git.kernel.org/stable/c/88ebadbf0deefdaccdab868b44ff70a0a257f473
- https://git.kernel.org/stable/c/c494a11da45ad7ec9b0ff216c3e3ace351193bb6
- https://git.kernel.org/stable/c/fc0089f82c3e36060c2c79156bc2018bfb16b56b