Use-after-free in Linux kernel - CVE-2026-53033
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in unix_stream_bpf_update_proto() when BPF iterator updates to a sockmap are processed while the unix socket is changing state. A local user who wins the race between the sockmap update and the state change can cause a denial of service.
The function reads the socket's peer pointer, which becomes stale once the socket moves from TCP_ESTABLISHED to TCP_CLOSE (the sk_state values unix sockets reuse); dereferencing it after that transition is the use-after-free.
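The following userspace C model illustrates the bug class the description refers to: a peer pointer that is read without taking a reference and then used after the socket has moved to TCP_CLOSE, placed beside the usual hardened shape (check the state and take a reference while the socket is locked). It is an added illustration written for this page, not kernel code and not the upstream fix: the struct sock, sock_hold()/sock_put(), model_close() and the race flag are simplifications of the kernel's objects, and the freed flag stands in for memory actually being released, which is what makes the outcome deterministic enough to check.

```c
/*
 * Userspace model of the use-after-free pattern (added illustration, not
 * kernel code and not the upstream fix). "Sockets" are plain structs, the
 * peer link is a refcounted pointer, and a race flag lets the caller
 * interleave a close() between the snapshot and the use of the peer pointer.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { TCP_ESTABLISHED = 1, TCP_CLOSE = 7 }; /* sk_state values unix sockets reuse */

struct sock {
    int   state;
    int   refcnt;
    bool  freed;            /* stands in for kfree(); a real kernel recycles memory */
    struct sock *peer;      /* unix_peer(sk): valid only while ESTABLISHED */
    const char *proto;      /* what update_proto() writes */
};

static void sock_hold(struct sock *sk) { sk->refcnt++; }
static void sock_put(struct sock *sk)  { if (--sk->refcnt == 0) sk->freed = true; }

/* ESTABLISHED -> CLOSE: clear the peer link and drop the reference it held. */
static void model_close(struct sock *sk)
{
    struct sock *peer = sk->peer;
    sk->state = TCP_CLOSE;
    sk->peer  = NULL;
    if (peer) sock_put(peer);
}

/* Vulnerable shape: snapshot the peer pointer, use it later without a reference. */
static int vulnerable_update_proto(struct sock *sk, bool race)
{
    struct sock *peer = sk->peer;   /* stale as soon as sk closes */
    if (race) model_close(sk);      /* concurrent ESTABLISHED -> CLOSE */
    if (!peer) return -1;           /* nothing to update */
    if (peer->freed) return -2;     /* use-after-free (modelled as a flag) */
    peer->proto = "psock";
    return 0;
}

/* Hardened shape: check the state and take a reference while the socket is "locked". */
static int hardened_update_proto(struct sock *sk, bool race)
{
    struct sock *peer = NULL;
    /* unix_state_lock(sk) would be taken here */
    if (sk->state == TCP_ESTABLISHED && sk->peer) {
        peer = sk->peer;
        sock_hold(peer);            /* our reference keeps peer alive */
    }
    /* unix_state_unlock(sk) */
    if (race) model_close(sk);      /* peer survives: refcnt drops to 1, not 0 */
    if (!peer) return -1;           /* not connected: refuse, do not dereference */
    if (peer->freed) return -2;     /* cannot happen while we hold a reference */
    peer->proto = "psock";
    sock_put(peer);
    return 0;
}

/* Build a connected pair in caller-provided storage; each side holds one ref on the other. */
static void make_pair(struct sock *a, struct sock *b)
{
    *a = (struct sock){ .state = TCP_ESTABLISHED, .refcnt = 1, .peer = b };
    *b = (struct sock){ .state = TCP_ESTABLISHED, .refcnt = 1, .peer = a };
}

/* Run one scenario on a fresh pair; returns the update_proto() result. */
static int run(int (*fn)(struct sock *, bool), bool race)
{
    struct sock a, b;
    make_pair(&a, &b);
    return fn(&a, race);
}

int main(void)
{
    printf("vulnerable, no race : %d\n", run(vulnerable_update_proto, false)); /* 0 */
    printf("vulnerable, race    : %d\n", run(vulnerable_update_proto, true));  /* -2 */
    printf("hardened,   no race : %d\n", run(hardened_update_proto, false));   /* 0 */
    printf("hardened,   race    : %d\n", run(hardened_update_proto, true));    /* 0 */
    return 0;
}
```

The point the model makes is that the pointer snapshot itself is not the bug; using it without holding a reference across a window in which the owner can drop its own reference is. The hardened shape either gets a live, referenced peer or a clean "not connected" error, and the close path is free to proceed either way.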
How to mitigate CVE-2026-53033
Update to a kernel build that includes the upstream fix; the git.kernel.org commits listed under Sources are the fix as applied to the mainline and stable branches. Until the fix is deployed, note that creating BPF_MAP_TYPE_SOCKMAP and BPF_MAP_TYPE_SOCKHASH maps requires CAP_NET_ADMIN, so the sockmap side of the race is reachable only by local users who already hold that capability, which limits exposure on systems that do not grant it to untrusted users.
Sources
- https://git.kernel.org/stable/c/1a59cc6b65fd3ad9915aae5970d859109d4ce9fb
- https://git.kernel.org/stable/c/64c2f93fc3254d3bf5de4445fb732ee5c451edb6
- https://git.kernel.org/stable/c/921920c34cb591947dd30c692500795a69f1e3fa
- https://git.kernel.org/stable/c/98f744d204e5d6fca589cd2c44c3190a0c71697f
- https://git.kernel.org/stable/c/c6f4015eac2e3cbc3cb7a17539e10bbb5c2049c3
- https://git.kernel.org/stable/c/d0d124dbcef9318e326956137b31671407094bd4