Description
In the Linux kernel, the following vulnerability has been resolved:

vdpa: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the Linux vdpa driver allows the bus match callback to read the driver_override field without holding the device lock. This unsynchronized access can trigger a use‑after‑free, corrupting kernel memory and potentially enabling an attacker to execute arbitrary code with kernel privileges.

Affected Systems

All Linux kernel builds that contain the vdpa driver and have not applied the patch that redirects driver_override accesses to the driver‑core infrastructure. No specific kernel release numbers are provided; affected systems remain vulnerable until the patch from commit 654ef9c33e… is incorporated.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low but non‑zero exploitation probability. KEV has not listed this vulnerability, so there is no public catalog of known exploits. A kernel‑level use‑after‑free of this nature can permit local privilege escalation if an attacker can influence device probing or memory layout, so systems lacking the fix are considered at moderate risk until the kernel is updated.

Generated by OpenCVE AI on June 26, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the driver‑override fix introduced by commit 654ef9c33e…
  • Reboot the system to load the updated kernel
  • If an immediate kernel upgrade is not possible, disable the vdpa driver by removing it from the kernel configuration or unbinding any running virtual devices to prevent the problematic driver from being probed until the fix is available.

Generated by OpenCVE AI on June 26, 2026 at 04:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-413
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]
Title vdpa: use generic driver_override infrastructure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:49.308Z

Reserved: 2026-06-09T07:44:35.385Z

Link: CVE-2026-53118

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53118 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T04:30:17Z

Weaknesses
  • CWE-413

    Improper Resource Locking