Description
In the Linux kernel, the following vulnerability has been resolved:

s390/cio: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition exists in the Linux kernel where the __driver_attach() function calls a bus match() callback without holding the device lock. This race allows reading the driver_override field without proper synchronization, causing a Use‑After‑Free (CWE‑416) situation that can destabilize the kernel or enable privilege escalation. The vulnerability directly targets the s390 architecture’s CIO subsystem and manifests when a driver is probed during system or module initialization.

Affected Systems

Linux kernel operating systems with the s390 architecture are affected. However, the advisory does not list specific kernel release numbers; it is therefore unknown which particular releases contain the vulnerability. All kernels that include the s390 CIO subsystem before the fix may be impacted until the patch is applied.

Risk and Exploitability

The CVSS score is 5.5, and the EPSS score is < 1%, so the exact likelihood of exploitation is very low but non‑zero. The vulnerability is not listed in the CISA KEV catalog. The lack of specific version information makes it difficult to determine the exact scope of affected releases. However, because it involves a race condition that can lead to a use‑after‑free during driver probing, a local attacker with the ability to influence driver loading can potentially replay the race condition to destabilize the system or exploit kernel memory, making the risk significant for privileged users or environments with loaded drivers.

Generated by OpenCVE AI on June 26, 2026 at 02:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to the latest release where the s390 CIO driver override bug is fixed and proper locking is added.
  • Audit all loaded drivers and disable unused or untrusted drivers that may be subject to a race on probe or unload.
  • Configure system policies to limit the use of driver_override and enforce proper driver registration through the driver‑core infrastructure.

Generated by OpenCVE AI on June 26, 2026 at 02:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-366
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: s390/cio: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]
Title s390/cio: use generic driver_override infrastructure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:48.645Z

Reserved: 2026-06-09T07:44:35.385Z

Link: CVE-2026-53117

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53117 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T02:15:15Z

Weaknesses