Description
In the Linux kernel, the following vulnerability has been resolved:

net: phonet: free phonet_device after RCU grace period

phonet_device_destroy() removes a phonet_device from the per-net device
list with list_del_rcu(), but frees it immediately. RCU readers walking
the same list can still hold a pointer to the object after it has been
removed, leading to a slab-use-after-free.

Use kfree_rcu(), matching the lifetime rule already used by
phonet_address_del() for the same object type.
Published: 2026-06-25
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a slab-use-after-free due to freeing a phonet_device immediately after it has been removed from the list via list_del_rcu. This race between RCU read‑side protection and immediate deallocation can corrupt kernel memory or result in the execution of arbitrary code. The weakness is a classic use‑after‑free in kernel space and can compromise system integrity and confidentiality.

Affected Systems

The flaw affects the Linux kernel’s phonet subsystem. No specific kernel releases are listed in the data, so all kernel versions prior to the fix are considered vulnerable.

Risk and Exploitability

The EPSS score is < 1%, indicating a low exploitation probability, and the vulnerability is not listed in CISA KEV. The likely attack vector is a network-based exploitation that leverages malicious phonet traffic to trigger the race condition. In an appropriate environment, the flaw can lead to kernel memory corruption and potentially remote code execution. The CVSS score of 7.0 indicates high severity, underscoring the need for immediate action.

Generated by OpenCVE AI on June 26, 2026 at 15:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a kernel version that includes the phonet_device fix (e.g., the commit that replaced kfree with kfree_rcu).
  • If a kernel upgrade cannot be performed immediately, disable the phonet module or block phonet traffic with a firewall to reduce the attack surface.
  • Apply the upstream patch directly by applying the relevant commit (e.g., patch from git commits 52b8f5ef82c886f7cd24617915e4b1579ddfd001, 71de0177b28da751f407581a4515cf4d762f6296, and bff309ea51f1395c1ef8be8b75ce62d28a319113) to your kernel source and rebuild, ensuring the use of kfree_rcu for device deallocation.

Generated by OpenCVE AI on June 26, 2026 at 15:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6381-1 linux security update
History

Sat, 04 Jul 2026 12:15:00 +0000


Fri, 26 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period phonet_device_destroy() removes a phonet_device from the per-net device list with list_del_rcu(), but frees it immediately. RCU readers walking the same list can still hold a pointer to the object after it has been removed, leading to a slab-use-after-free. Use kfree_rcu(), matching the lifetime rule already used by phonet_address_del() for the same object type.
Title net: phonet: free phonet_device after RCU grace period
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-04T11:50:55.214Z

Reserved: 2026-06-09T07:44:35.388Z

Link: CVE-2026-53157

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53157 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T15:45:02Z

Weaknesses
  • CWE-825

    Expired Pointer Dereference