Description
In the Linux kernel, the following vulnerability has been resolved:

PCI: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs when a PCI device is probed: the match() callback is invoked without holding the device lock, allowing the driver core to read the driver_override field without synchronization. This oversight can trigger a use‑after‑free or memory corruption, potentially letting an attacker execute arbitrary kernel code or corrupt system memory. The weakness corresponds to CWE‑416 and CWE‑364.

Affected Systems

The vulnerability affects the Linux kernel. No specific version range is supplied, but any kernel containing the unprotected driver_override access during PCI probe is at risk until the patch is applied. The upstream commit referenced in the advisories contains the fix, so kernel releases newer than that commit are safe.

Risk and Exploitability

The likely attack vector is an attacker who can influence the driver_override value during device initialization, such as by loading a malicious PCI driver or tampering with device firmware. Because the flaw is a data race, an adversary with module‑loading privileges could exploit it. The EPSS score of 0.00157 indicates a very low yet non‑zero probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. The absence of a known exploit does not negate the risk; exploitation could lead to privilege escalation or arbitrary kernel code execution. The details of the attack path are inferred from the description and are not explicitly stated in the input.

Generated by OpenCVE AI on June 27, 2026 at 02:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the commit fixing the driver_override locking issue.
  • If a kernel upgrade cannot be performed immediately, restrict kernel module loading to only signed or trusted modules and disable the ability to load arbitrary PCI drivers.
  • Verify that no unauthorized or malicious PCI device drivers are present on the system and remove any that are not required for essential functionality.

Generated by OpenCVE AI on June 27, 2026 at 02:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-364
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: PCI: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]
Title PCI: use generic driver_override infrastructure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:50.592Z

Reserved: 2026-06-09T07:44:35.386Z

Link: CVE-2026-53120

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53120 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T02:30:03Z

Weaknesses