Use-after-free in Linux kernel - CVE-2026-53308

 

Published: June 29, 2026


Vulnerability identifier: #VU135720
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53308
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a use-after-free in the workqueue handling of the max77705 power supply driver when an interrupt is processed during driver probe error handling or device removal. A local user can trigger an interrupt in this time window to execute arbitrary code.

The issue occurs because the interrupt handler can schedule work after the workqueue has already been destroyed but before the interrupt handler is freed.
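
The ordering described above, as an added userspace model in C (not code from the kernel or from this advisory): it counts the teardown states in which an interrupt would still reach the handler after the workqueue is gone. It assumes one common way such an ordering arises, an explicitly destroyed workqueue combined with an automatically released (managed) IRQ; the advisory does not say how the driver registers its resources, and all names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed userspace model of driver teardown; no kernel API is called. */
enum res { RES_WQ, RES_IRQ };
struct dev_model {
    bool live[2];         /* indexed by enum res */
    enum res managed[2];  /* release stack, unwound last-in first-out */
    size_t n_managed;
};

/* The handler runs only while the IRQ is registered; queueing work is only
 * valid while the workqueue exists. True means a use-after-free window. */
static bool irq_hits_dead_wq(const struct dev_model *d)
{
    return d->live[RES_IRQ] && !d->live[RES_WQ];
}

/* Count teardown states in which an interrupt would queue work on a destroyed
 * workqueue. Assumption: managed resources are released after the driver's
 * explicit cleanup, in reverse order of registration. */
int teardown_unsafe_states(bool wq_managed, bool irq_managed)
{
    struct dev_model d = {0};
    bool managed[2] = { wq_managed, irq_managed };
    int unsafe = 0;
    d.live[RES_WQ] = d.live[RES_IRQ] = true;
    if (wq_managed) d.managed[d.n_managed++] = RES_WQ;    /* registered first */
    if (irq_managed) d.managed[d.n_managed++] = RES_IRQ;  /* registered second */
    for (int r = RES_IRQ; r >= RES_WQ; r--) {  /* driver's explicit cleanup */
        if (managed[r]) continue;
        d.live[r] = false;
        unsafe += irq_hits_dead_wq(&d);
    }
    while (d.n_managed) {                      /* automatic release, LIFO */
        d.live[d.managed[--d.n_managed]] = false;
        unsafe += irq_hits_dead_wq(&d);
    }
    return unsafe;
}

int main(void)
{
    printf("explicit wq + managed IRQ: %d, both managed: %d\n",
           teardown_unsafe_states(false, true), teardown_unsafe_states(true, true));
    return 0;
}
```

A result of 0 corresponds to a teardown in which the interrupt is released before the workqueue is destroyed.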


How to mitigate CVE-2026-53308

Install the security update from the vendor's repository.
