Use-after-free in Linux kernel - CVE-2026-53120
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the pci driver matching logic when probing a driver through __driver_attach__(). A local user can trigger concurrent access to the driver_override field to cause a denial of service.
The issue occurs because the bus match callback accesses driver_override without the device lock held.