Description
In the Linux kernel, the following vulnerability has been resolved:

zram: fix use-after-free in zram_bvec_write_partial()

zram_read_page() picks the sync or async backing device read path based on
whether the parent bio is NULL. zram_bvec_write_partial() passes its
parent bio down, so for ZRAM_WB slots the read is dispatched
asynchronously and zram_read_page() returns 0 while the bio is still in
flight. The caller then runs memcpy_from_bvec(), zram_write_page() and
__free_page() on the buffer, leaving the async read to write into a freed
page.

zram_bvec_read_partial() was switched to NULL in commit 4e3c87b9421d
("zram: fix synchronous reads") for the same reason; the write_partial
counterpart was missed.
Published: 2026-06-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

zram_bvec_write_partial() in the Linux kernel performs an asynchronous write that frees a memory page while an earlier read request may still attempt to write into that memory. This creates a use‑after‑free condition that can corrupt the contents of a kernel page and potentially lead to a kernel crash or other memory corruption symptoms.

Affected Systems

This vulnerability affects all Linux kernel installations that do not yet include the commit that fixes zram_bvec_write_partial(). The fix commit (0c2821665ff71be3f4b07ecece384669f2877f6a) is present in more recent kernel releases, but no specific version list is supplied in the CVE data.

Risk and Exploitability

The defect resides in kernel space and is not associated with a publicly documented exploitation path. No network‑based attack vector is described, and the CVE has no EPSS score available or KEV listing. The risk is thus theoretical until a suitable exploitation method is demonstrated; affected systems should apply the patch to eliminate the memory corruption potential.

Generated by OpenCVE AI on June 25, 2026 at 12:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the commit 0c2821665ff71be3f4b07ecece384669f2877f6a.
  • Reboot the system to ensure the updated kernel is in use.
  • If a kernel upgrade is not immediately possible, disable zram or reconfigure it to avoid asynchronous writes until a safer kernel version is available.

Generated by OpenCVE AI on June 25, 2026 at 12:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zram_bvec_write_partial() zram_read_page() picks the sync or async backing device read path based on whether the parent bio is NULL. zram_bvec_write_partial() passes its parent bio down, so for ZRAM_WB slots the read is dispatched asynchronously and zram_read_page() returns 0 while the bio is still in flight. The caller then runs memcpy_from_bvec(), zram_write_page() and __free_page() on the buffer, leaving the async read to write into a freed page. zram_bvec_read_partial() was switched to NULL in commit 4e3c87b9421d ("zram: fix synchronous reads") for the same reason; the write_partial counterpart was missed.
Title zram: fix use-after-free in zram_bvec_write_partial()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:38:58.853Z

Reserved: 2026-06-09T07:44:35.390Z

Link: CVE-2026-53185

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T15:15:03Z

Weaknesses