Description
In the Linux kernel, the following vulnerability has been resolved:

nvmem: core: fix use-after-free bugs in error paths

Fix several instances of error paths in which we call
__nvmem_device_put() - which may end up freeing the underlying memory
and other resources - and then keep on using the nvmem structure. Always
put the reference to the nvmem device as the last step before returning
the error code.
Published: 2026-06-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from error‑handling paths within the kernel’s nvmem subsystem that call __nvmem_device_put(), a routine that frees the underlying memory and resources. After the free, the kernel continues to reference the released nvmem structure, creating a classic use‑after‑free condition that can corrupt kernel memory if malicious data is written into the freed region. If an attacker can trigger this flaw—typically in the nvmem subsystem—the resulting memory corruption could lead to arbitrary code execution or privilege escalation.

Affected Systems

All Linux kernel releases that include the unpatched nvmem core code are affected. The vulnerability is present in any distribution or custom kernel that compiles the nvmem subsystem without the patch referenced in the advisory; no specific vendor or version.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of <1% suggests exploitation is unlikely, though not impossible. The flaw is not listed in the CISA KEV catalog, and no public exploits are known. However, if an attacker can trigger the error path—by forcing an error in the nvmem kernel memory and potentially achieve privilege escalation or arbitrary code execution. The likelihood of exploitation remains low, but the potential impact warrants prompt remediation.

Generated by OpenCVE AI on June 26, 2026 at 05:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that removes the use‑after‑free bug; the patch is available in the kernel commit referenced in the advisory and should be incorporated into any rolling kernel update schedule.
  • Upgrade to a kernel version that contains the fix, such as the latest stable branch or a distribution’s security‑updated kernel.
  • If a patch cannot be applied immediately, restrict access to the nvmem subsystem by setting strict uaccess permissions on its device nodes or disabling the subsystem workload.

Generated by OpenCVE AI on June 26, 2026 at 05:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix use-after-free bugs in error paths Fix several instances of error paths in which we call __nvmem_device_put() - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem structure. Always put the reference to the nvmem device as the last step before returning the error code.
Title nvmem: core: fix use-after-free bugs in error paths
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:38:39.495Z

Reserved: 2026-06-09T07:44:35.388Z

Link: CVE-2026-53156

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53156 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:45:04Z

Weaknesses
  • CWE-825

    Expired Pointer Dereference