CVE-2026-53157
Last modified
CVE-2026-53157 is a vulnerability of currently unknown severity. In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period phonet_device_destroy() removes a phonet_device from the per-net device list with list_del_rcu(), but frees it immediately. RCU readers walking the same list can still hold a pointer to the object after it has been removed, leading to a slab-use-after-free. Use kfree_rcu(), matching the lifetime rule already used by phonet_address_del() for the same object type.. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period phonet_device_destroy() removes a phonet_device from the per-net device list with list_del_rcu(), but frees it immediately. RCU readers walking the same list can still hold a pointer to the object after it has been removed, leading to a slab-use-after-free. Use kfree_rcu(), matching the lifetime rule already used by phonet_address_del() for the same object type.
Metrics
References
Timeline
- Published
- Last Modified
- Status
- Received
Frequently Asked Questions
What is CVE-2026-53157?
How severe is CVE-2026-53157?
How do I fix CVE-2026-53157?
Are you affected by CVE-2026-53157?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST