Use-after-free in Linux kernel - CVE-2026-52982
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in rtl8150_start_xmit() when submitting a USB transmit URB and updating transmit statistics. A local user can trigger concurrent URB completion to cause a denial of service.
The issue is caused by reading skb->len after usb_submit_urb() returns, while the skb may already have been freed by the completion path on another CPU in softirq context.
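The ordering problem described above, modeled in userspace C as an added example; it is not the rtl8150 driver code or the upstream patch. All names (`pkt`, `submit`, `xmit_*`) are hypothetical. The race is made deterministic by having `submit()` run the completion path before it returns, and freeing is modeled as poisoning a static slot so the stale read can be observed without undefined behaviour.

```c
/* Userspace model (constructed): a one-slot packet pool whose free routine
 * poisons the object, standing in for the skb being freed by the URB
 * completion path. Every name here is hypothetical, not driver code. */
#include <stdio.h>
#include <string.h>

#define POISON 0x6b6b6b6bu  /* value a 4-byte len holds after pkt_free() */

struct pkt { unsigned int len; };
struct stats { unsigned long tx_packets, tx_bytes; };

static struct pkt slot;  /* static storage, so the stale read stays defined C */

static struct pkt *pkt_alloc(unsigned int len) { slot.len = len; return &slot; }

/* What the completion path does to the packet. */
static void pkt_free(struct pkt *p) { memset(p, 0x6b, sizeof(*p)); }

/* Submission where completion wins the race: the packet is already
 * freed by the time submit() returns to the transmit function. */
static int submit(struct pkt *p) { pkt_free(p); return 0; }

/* Ordering described in the advisory: length read after submission. */
static unsigned long xmit_read_after_submit(unsigned int len)
{
    struct stats st = {0, 0};
    struct pkt *p = pkt_alloc(len);
    if (submit(p) == 0) { st.tx_packets++; st.tx_bytes += p->len; }
    return st.tx_bytes;
}

/* Safe ordering: copy the length while the caller still owns the packet. */
static unsigned long xmit_cache_before_submit(unsigned int len)
{
    struct stats st = {0, 0};
    struct pkt *p = pkt_alloc(len);
    unsigned int saved = p->len;
    if (submit(p) == 0) { st.tx_packets++; st.tx_bytes += saved; }
    return st.tx_bytes;
}

int main(void)
{
    printf("read after submit:   %lu bytes\n", xmit_read_after_submit(60));
    printf("cache before submit: %lu bytes\n", xmit_cache_before_submit(60));
    return 0;
}
```

In the model the stale read returns the poison pattern instead of the packet length; in the kernel the same read touches memory that may have been reused, which is why the length has to be captured while the transmit function still owns the buffer.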
How to mitigate CVE-2026-52982
Sources
- https://git.kernel.org/stable/c/23f0e34c64acba15cad4d23e50f41f533da195fa
- https://git.kernel.org/stable/c/24831b0b2ada9fef18d1f486b7b7c444ee5ba637
- https://git.kernel.org/stable/c/30cf9829d09ca958279c937af8e35495cd2f1e09
- https://git.kernel.org/stable/c/423b5b86e14e190f6e3161eb5f2ea5f908295ba7
- https://git.kernel.org/stable/c/4dd7eb94f79486b77ca6b4c8676aedbc465dc802
- https://git.kernel.org/stable/c/5af290c86fa81ddbc86a08d54229af5daa40c6a4
- https://git.kernel.org/stable/c/5db090ca07b28a63fb1499690cf19a3f3adafacb
- https://git.kernel.org/stable/c/6999d70e0eda39af029fa1891c48f0a8832b09d5