Use-after-free in Linux kernel - CVE-2026-53248
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to use-after-free in airoha metadata dst teardown in the airoha network driver when processing received packets that retain a non-refcounted metadata_dst pointer. A local user can trigger teardown while stale skb dst references remain to cause a denial of service.
The issue arises because skb_dst_set_noref() requires RCU read-side protection and the destination object must remain valid until all RCU readers have completed.