Use-after-free in Linux kernel - CVE-2026-53272
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in z_erofs_decompress_kickoff() when racing I/O completion with filesystem unmount. A local user can trigger the race condition to cause a denial of service.
The issue involves access to sbi->sync_decompress after the superblock information has been freed during unmount.