CVE-2026-53239 | In the Linux kernel, the following vulnerability has been re…

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx() Fix the race by pruning the bin while still holding xfrm_policy_lock, before dropping it. Use __xfrm_policy_inexact_prune_bin() directly since the lock is already held. The wrapper xfrm_policy_inexact_prune_bin() becomes unused and is removed. Race: CPU0 (XFRM_MSG_DELPOLICY) CPU1 (XFRM_MSG_NEWSPDINFO) ========================== ========================== xfrm_policy_bysel_ctx(): spin_lock_bh(xfrm_policy_lock) bin = xfrm_policy_inexact_lookup() __xfrm_policy_unlink(pol) spin_unlock_bh(xfrm_policy_lock) xfrm_policy_kill(ret) // wide window, lock not held xfrm_hash_rebuild(): spin_lock_bh(xfrm_policy_lock) __xfrm_policy_inexact_flush(): kfree_rcu(bin) // bin freed spin_unlock_bh(xfrm_policy_lock) xfrm_policy_inexact_prune_bin(bin) // UAF: bin is freed

Metadata

CVE ID: CVE-2026-53239
State: PUBLISHED
Assigner: Linux
Reserved: 2026-06-09 07:44 UTC
Published: 2026-06-25 08:39 UTC
Last updated: 2026-06-25 08:39 UTC
Vendor / Product: Linux / Linux
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (2)

Vendor	Product	Platform	Versions
Linux	Linux	—	6be3b0db6db82cf056a72cc18042048edd27f8ee < 8fc536e9f6856230f19c7d13e71af064b6a77b22, 6be3b0db6db82cf056a72cc18042048edd27f8ee < c4c1ea36d83bf3c4569468ca5b8b614fda1bf821, 6be3b0db6db82cf056a72cc18042048edd27f8ee < 25c8c7fb3b0b9668c7d05e209f58c158d2b020c7, 6be3b0db6db82cf056a72cc18042048edd27f8ee < 42827d03f8009a6a218bacab153e21f39d6a121c …
Linux	Linux	—	5.0, 0 < 5.0, 5.10.259 ≤ 5.10., 5.15.210 ≤ 5.15. …

References (8)