Use-after-free in Linux kernel - CVE-2026-53185
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to use-after-free in zram_bvec_write_partial() when processing partial writes for ZRAM_WB slots. A local user can trigger an asynchronous backing device read and subsequent access to a freed page to cause a denial of service.
The issue occurs because the read operation may still be in flight when the buffer page is freed.
How to mitigate CVE-2026-53185
Sources
- https://git.kernel.org/stable/c/0c2821665ff71be3f4b07ecece384669f2877f6a
- https://git.kernel.org/stable/c/198b5a14cca27263b9c14b20114c8092de15dfcb
- https://git.kernel.org/stable/c/732fd9f0b9c1cdc6dfd77162ded60df005182cc0
- https://git.kernel.org/stable/c/77a602b505ce4802915853cfc435a4722fab3e64
- https://git.kernel.org/stable/c/c96786d6ff1acc1d54d9241e97767554c1dfdd5b