Use-after-free in Linux kernel - CVE-2026-53215
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a use-after-free in the mvpp2 RX buffer handling in drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c when processing received packets through XDP or skb paths. A local attacker can trigger packet processing that returns a retired buffer to the BM pool to cause a denial of service.
Hardware may DMA into memory that is no longer owned by the RX ring after the buffer has been recycled, redirected, queued for XDP_TX, or freed.
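To check whether a host is exposed, the script below lists the network interfaces bound to the affected driver by reading sysfs. It is an added example, not code from this advisory or from the kernel tree. The function name, the `SYSFS_ROOT` override, and the assumption that the driver registers under the name `mvpp2` (taken from the source path above) are illustrative.

```shell
#!/bin/sh
# Added example: find network interfaces driven by mvpp2, the driver named
# in CVE-2026-53215. Read-only; it only inspects sysfs symlinks.
# Assumption: the driver registers as "mvpp2" (from the path in the advisory).

# ifaces_using_driver [SYSFS_ROOT] [DRIVER]
# Print, one per line, every interface under SYSFS_ROOT/class/net whose
# device/driver symlink points at DRIVER.
ifaces_using_driver() {
    root=${1:-/sys}
    want=${2:-mvpp2}
    for dev in "$root"/class/net/*; do
        # Virtual interfaces (lo, bridges, veth) have no device/driver link.
        # This also skips the unexpanded glob when the directory is empty.
        [ -e "$dev/device/driver" ] || continue
        # The link target ends in the driver name, e.g.
        # ../../../bus/platform/drivers/mvpp2
        drv=$(basename "$(readlink "$dev/device/driver")")
        if [ "$drv" = "$want" ]; then
            basename "$dev"
        fi
    done
    return 0
}

# SYSFS_ROOT is a hypothetical override so the check can be pointed at a
# copied or constructed sysfs tree instead of the live one.
hits=$(ifaces_using_driver "${SYSFS_ROOT:-/sys}")
if [ -n "$hits" ]; then
    echo "Interfaces bound to mvpp2 (running kernel: $(uname -r)):"
    echo "$hits"
    echo "Confirm the kernel includes one of the stable commits listed under Sources."
else
    echo "No interface is bound to mvpp2 on this host."
fi
```

An empty result means no interface currently uses the driver. It does not show whether the running kernel carries the fix.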
How to mitigate CVE-2026-53215
Sources
- https://git.kernel.org/stable/c/02e1b5c4d3b4c658b72c145427cded1bba613fc1
- https://git.kernel.org/stable/c/580f92f27cb8724bcc4be98ee89890eab524a2ae
- https://git.kernel.org/stable/c/5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6
- https://git.kernel.org/stable/c/8a2126c5afe89f8ceeb60a3afb9f075b736194cd
- https://git.kernel.org/stable/c/a03cdcedb2cbcc42551dc3e4746929e93c5352d5
- https://git.kernel.org/stable/c/a88b3293b556f4d8fba11db9a8061a6b0d3b69e6
- https://git.kernel.org/stable/c/d0c8c4fbd22d260fe28530260656c5fb3c20ce84