Use-after-free in Linux kernel - CVE-2026-53228


Published: June 26, 2026


Vulnerability identifier: #VU135550
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53228
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to a use-after-free in the ipip6_tunnel_xmit() function in the SIT IPv6 tunneling implementation when handling GSO packets after offload processing. A local user can trigger transmission of a crafted packet to disclose sensitive information.

The issue occurs because ipip6_tunnel_xmit() caches a pointer to the inner IPv6 header before the offload step. If that step reallocates (moves) the skb head, the cached pointer still refers to the old buffer, and header fields later read through it come from freed memory that may already have been reused by another allocation.
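To make the bug pattern concrete, the following is an added illustration written for this page; it is not Linux kernel code. It models an sk_buff as a small "toy" struct, stands in for the offload step with a function that always reallocates the linear buffer (the kernel only does so on some paths, for example via pskb_expand_head()), and shows the vulnerable pattern (header pointer cached before the step and used after it) next to the fixed pattern (pointer recomputed from the current head). The old buffer is deliberately kept alive and overwritten with a poison byte so the stale read is well-defined C and visibly returns another object's contents, which is the information-disclosure outcome the advisory describes. All names (toy_skb, toy_offload_step, FREED_POISON, the packet layout) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OUTER_IPV4_LEN 20
#define INNER_IPV6_LEN 40
#define PAYLOAD_LEN    16
#define HOP_LIMIT_OFF   7     /* byte offset of hop limit inside an IPv6 header */
#define FREED_POISON 0xEE     /* stands in for whatever object reuses the freed head */

/* Minimal stand-in for struct sk_buff: one linear buffer plus offsets into it. */
struct toy_skb {
    unsigned char *head;        /* start of the current allocation */
    size_t headroom;            /* reserved bytes before the packet */
    size_t len;                 /* packet bytes after headroom */
    size_t inner_off;           /* inner IPv6 header offset from packet start */
    unsigned char *stale_head;  /* old allocation, kept only so the demo is memory-safe */
};

static unsigned char *toy_skb_data(const struct toy_skb *skb)
{
    return skb->head + skb->headroom;
}

/* Inner IPv6 header lookup, always computed from the current head. */
static unsigned char *toy_inner_ipv6_hdr(const struct toy_skb *skb)
{
    return toy_skb_data(skb) + skb->inner_off;
}

/* Build an outer IPv4 + inner IPv6 + payload packet (constructed sample data). */
struct toy_skb *toy_skb_build(void)
{
    struct toy_skb *skb = calloc(1, sizeof *skb);
    if (!skb) return NULL;
    skb->headroom = 16;
    skb->len = OUTER_IPV4_LEN + INNER_IPV6_LEN + PAYLOAD_LEN;
    skb->inner_off = OUTER_IPV4_LEN;
    skb->head = calloc(skb->headroom + skb->len, 1);
    if (!skb->head) { free(skb); return NULL; }
    unsigned char *outer = toy_skb_data(skb);
    outer[0] = 0x45;                      /* IPv4, IHL 5 */
    outer[9] = 41;                        /* protocol 41: IPv6-in-IPv4 (SIT) */
    unsigned char *inner = toy_inner_ipv6_hdr(skb);
    inner[0] = 0x60;                      /* IPv6 version nibble */
    inner[4] = 0; inner[5] = PAYLOAD_LEN; /* payload length */
    inner[6] = 59;                        /* next header: none */
    inner[HOP_LIMIT_OFF] = 64;
    memset(inner + INNER_IPV6_LEN, 0x5A, PAYLOAD_LEN);
    return skb;
}

void toy_skb_free(struct toy_skb *skb)
{
    if (!skb) return;
    free(skb->head);
    free(skb->stale_head);
    free(skb);
}

/* Stand-in for an offload step that needs extra headroom and therefore moves
 * the linear buffer. The old buffer is retained but overwritten with poison to
 * model reuse by another allocation after a real free. */
static int toy_offload_step(struct toy_skb *skb, size_t extra_headroom)
{
    size_t old_size = skb->headroom + skb->len;
    unsigned char *nh = malloc(old_size + extra_headroom);  /* new buffer first, so it cannot alias the old one */
    if (!nh) return -1;
    memcpy(nh + extra_headroom, skb->head, old_size);
    free(skb->stale_head);
    skb->stale_head = skb->head;
    memset(skb->stale_head, FREED_POISON, old_size);        /* "someone else owns this now" */
    skb->head = nh;
    skb->headroom += extra_headroom;
    return 0;
}

/* VULNERABLE pattern: header pointer cached before the step, used after it. */
uint8_t vuln_xmit_hop_limit(struct toy_skb *skb)
{
    const unsigned char *iph6 = toy_inner_ipv6_hdr(skb);   /* points into the old head */
    if (toy_offload_step(skb, 32) < 0) return 0;           /* head moves here */
    return iph6[HOP_LIMIT_OFF];                            /* stale read: yields FREED_POISON */
}

/* FIXED pattern: recompute the pointer from skb->head after any step that can move it. */
uint8_t fixed_xmit_hop_limit(struct toy_skb *skb)
{
    if (toy_offload_step(skb, 32) < 0) return 0;
    const unsigned char *iph6 = toy_inner_ipv6_hdr(skb);
    return iph6[HOP_LIMIT_OFF];                            /* correct value: 64 */
}

int main(void)
{
    struct toy_skb *a = toy_skb_build(), *b = toy_skb_build();
    if (!a || !b) return 1;
    printf("vulnerable read: 0x%02x  fixed read: %u\n",
           vuln_xmit_hop_limit(a), fixed_xmit_hop_limit(b));
    toy_skb_free(a);
    toy_skb_free(b);
    return 0;
}
```

The general rule the fixed version follows applies beyond this one function: any pointer into skb linear data (network/transport/inner header pointers) must be recomputed after a call that can reallocate the head, and reviewers should treat such calls as invalidating every previously cached header pointer.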


How to mitigate CVE-2026-53228

Install the security update from the vendor's repository.

Sources