Use-after-free in Linux kernel - CVE-2026-53161
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the fastrpc workqueue cleanup path when processing DSP responses during file descriptor release. A local user can cause a denial of service by closing the file descriptor while an in-flight DSP invocation completes, which triggers the race.
The issue occurs because context cleanup may run in parallel with device release after the user structure has already been freed.
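The lifetime problem described above, modelled in user-space C as an added example (not code from the kernel or from this advisory). All names (`user`, `invoke_ctx`, `run_order`) are hypothetical, and the reference-counting approach is an assumption about how this class of race is commonly closed, not a description of the upstream patch. Each in-flight context pins the user structure, so the structure is freed exactly once, by whichever of device release or deferred cleanup runs last.

```c
/* Added illustration with hypothetical names; not the fastrpc driver's code. */
#include <stdio.h>
#include <stdlib.h>
static int users_freed;                    /* counts frees so ordering can be checked */
struct user { int refs; };                 /* per-fd user structure; kernel code would use refcount_t */
struct invoke_ctx { struct user *owner; }; /* one in-flight DSP invocation */

static void user_put(struct user *u)
{
    if (--u->refs == 0) {                  /* last holder frees, whoever that is */
        users_freed++;
        free(u);
    }
}

static struct invoke_ctx *ctx_start(struct user *u)
{
    struct invoke_ctx *c = calloc(1, sizeof(*c));
    if (!c) abort();
    u->refs++;                             /* the context pins its owner */
    c->owner = u;
    return c;
}

/* Deferred cleanup, run when the DSP response arrives. */
static void ctx_cleanup(struct invoke_ctx *c)
{
    user_put(c->owner);                    /* owner is still valid: this context held a reference */
    free(c);
}

/* Returns (frees after first step) * 10 + (frees after second step). */
static int run_order(int release_first)
{
    struct user *u = calloc(1, sizeof(*u));
    if (!u) abort();
    u->refs = 1;                           /* reference owned by the open file */
    struct invoke_ctx *c = ctx_start(u);
    int after_first;
    users_freed = 0;
    if (release_first) { user_put(u); after_first = users_freed; ctx_cleanup(c); }
    else               { ctx_cleanup(c); after_first = users_freed; user_put(u); }
    return after_first * 10 + users_freed;
}

int main(void)
{
    printf("release first: %d, completion first: %d\n", run_order(1), run_order(0));
    return 0;
}
```

Without the `u->refs++` in `ctx_start`, the release-first ordering would free the user structure before `ctx_cleanup` touches it, which is the condition the description refers to.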
How to mitigate CVE-2026-53161
Sources
- https://git.kernel.org/stable/c/5278ccd357e0d7aeeb1e76c0f3e0e02894a9897c
- https://git.kernel.org/stable/c/c6e5c2be09f814377d7f1ce97370a5b7b3e02814
- https://git.kernel.org/stable/c/d42679eef34dd590b694ce3b666c5e2ba10cd4bf
- https://git.kernel.org/stable/c/df08fadcf0e5f3708365ec3b6d30b5aafd98bea1
- https://git.kernel.org/stable/c/e1e3a05efe5954d5bad01157d79429d39a67a7ae
- https://git.kernel.org/stable/c/e85eb5feca8e254905ffa6c57a3c99c89a674a0f
- https://git.kernel.org/stable/c/ecea4967c2bff92c2fafbc59893f711b39f7b152
- https://git.kernel.org/stable/c/fbe0947420eec18a84638d29468c2d563ce4e6a3