NULL pointer dereference in Linux kernel - CVE-2026-53165
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null pointer dereference race condition in iomap_finish_folio_read() when reporting buffered read errors during concurrent read completion and truncate operations. A local user can trigger a buffered read failure while racing read completion with truncate activity to cause a denial of service.
The issue occurs because the folio can be unlocked and detached before the error reporting path dereferences folio->mapping.