CVE-2026-53118 | In the Linux kernel, the following vulnerability has been re…

Description

In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]

Metadata

CVE ID: CVE-2026-53118
State: PUBLISHED
Assigner: Linux
Reserved: 2026-06-09 07:44 UTC
Published: 2026-06-24 16:30 UTC
Last updated: 2026-06-24 16:30 UTC
Vendor / Product: Linux / Linux
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (2)

Vendor	Product	Platform	Versions
Linux	Linux	—	539fec78edb4e084e7c532affc56cc42d4ceea4b < 654ef9c33e138ede6734ac286282df9faf83cd11, 539fec78edb4e084e7c532affc56cc42d4ceea4b < fb5cb4913ce333cc4647722e8c2b8378e12f2464, 539fec78edb4e084e7c532affc56cc42d4ceea4b < 85bb534ff12aab6916058897b39c748940a7a4c6
Linux	Linux	—	5.17, 0 < 5.17, 6.18.33 ≤ 6.18., 7.0.10 ≤ 7.0. …

References (3)