Description
In the Linux kernel, the following vulnerability has been resolved:

platform/wmi: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]
Published: 2026-06-24
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the Linux device driver core allows the bus match() callback to be called during driver attachment without holding the device lock. This exposes the driver_override field trigger a use-after-free. The resulting kernel memory corruption could lead to a crash or, if an attacker can manipulate memory contents, to arbitrary code execution with kernel privileges. Based on the description, it is inferred that this race condition can trigger a use‑after‑free scenario that may lead to kernel memory corruption and potential privilege escalation.

Affected Systems

All Linux kernel releases that have not incorporated the kernel commit which replaces the direct driver_override access with the driver-core infrastructure. The fix is applied broadly across the Linux vendor; no specific version range is provided.

Risk and Exploitability

The CVSS score is not published, but the EPSS score is less than 1%, indicating a very low exploitation probability. Because the vulnerability relies on a timing race during bus probing, it is most likely exploitable only from a local context that can control device probing. Based on the description, it is inferred that exploitation would likely require local access to manage device probing. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 26, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes the commit using the driver-core driver_override infrastructure; see the referenced kernel patches for the exact changes.
  • Rebuild and reinstall any kernel modules that depend on device registration to ensure they reference the updated core logic.
  • If an immediate kernel upgrade is not possible, mitigate the risk by disabling or limiting the bus components that trigger __driver_attach() until a later update can be applied.

Generated by OpenCVE AI on June 26, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 26 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: platform/wmi: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]
Title platform/wmi: use generic driver_override infrastructure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:49.969Z

Reserved: 2026-06-09T07:44:35.386Z

Link: CVE-2026-53119

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53119 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:00:04Z

Weaknesses
  • CWE-413

    Improper Resource Locking