Description
In the Linux kernel, the following vulnerability has been resolved:

devlink: Release nested relation on devlink free

devlink relation state is normally released from devl_unregister(), which
calls devlink_rel_put(). This misses devlink instances that get a nested
relation before registration and then fail probe before devl_register() is
reached.

That flow can happen for SFs. The child devlink gets linked to its
parent before registration, then a later probe error calls devlink_free()
directly. Since the instance was never registered, devl_unregister() is not
called and devlink->rel is leaked.

Release any pending relation from devlink_free() as well. The registered
path is unchanged because devl_unregister() already clears devlink->rel
before devlink_free() runs.
Published: 2026-06-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel devlink subsystem, a memory leak occurs when a child devlink is linked to its parent before registration and the probe subsequently fails. Because the child instance is never registered, devl_unregister() is not called, so the nested relation is never released and devlink->rel stays allocated after devlink_free() frees the instance. Before the fix, devlink_free() did not release the relation itself, so the leak persists. This flaw does not permit direct code execution but can exhaust kernel heap space if abused repeatedly, leading to degraded performance or denial of service.
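
The lifecycle above as a small user-space C model, added here as an illustration; it is not kernel code and not taken from the fix. Every model_* name, the struct layouts and the fixed pool are assumptions that stand in for devlink_rel_put(), devl_unregister() and devlink_free().

```c
/* User-space model, NOT kernel code; all model_* names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct model_rel { int parent_index; };
struct model_devlink { struct model_rel *rel; };
static struct model_rel pool[8];   /* fixed pool: a modelled leak costs no host memory */
static int live_rels;              /* relations taken and not yet put */

static void model_rel_put(struct model_devlink *dl)
{
    if (dl->rel)
        live_rels--;
    dl->rel = NULL;
}

static void model_unregister(struct model_devlink *dl)
{
    model_rel_put(dl);             /* registered path releases the relation here */
}

static void model_free(struct model_devlink *dl, bool patched)
{
    if (patched)
        model_rel_put(dl);         /* fix: drop a relation that is still pending */
    free(dl);
}

/* One probe of a child instance; returns relations leaked by this run. */
int run_probe(bool probe_fails, bool patched)
{
    int before = live_rels;
    struct model_devlink *dl = calloc(1, sizeof(*dl));
    if (!dl || live_rels == 8) {
        free(dl);
        return -1;
    }
    dl->rel = &pool[live_rels++];  /* nested relation set before registration */
    if (!probe_fails)
        model_unregister(dl);      /* registration was reached, so teardown unregisters */
    model_free(dl, patched);       /* a probe error calls this directly */
    return live_rels - before;
}

int main(void)
{
    printf("leaked: unpatched=%d patched=%d\n", run_probe(true, false), run_probe(true, true));
    return 0;
}
```

Only the combination of a failed probe and the unpatched free path leaves a relation outstanding; the registered path behaves the same with or without the change.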

Affected Systems

The flaw resides in the generic Linux kernel, affecting any distribution that incorporates the unpatched kernel code. The issue was identified in the devlink module, and no specific kernel version range is listed, meaning all kernels prior to the fix are potentially vulnerable. The affected entities are Linux kernel builds for all supported architectures.

Risk and Exploitability

No CVSS score is published and EPSS is unavailable, and the vulnerability is not flagged in the CISA KEV catalog. Attacks would require local access or an ability to influence device probe events, so it is a local, low-to-medium risk. The risk level is primarily determined by the potential for gradual memory exhaustion. No public exploits are reported, and the fix is available in the kernel code repository.

Generated by OpenCVE AI on June 25, 2026 at 11:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Linux kernel version that contains the devlink release update.
  • Verify that the devlink subsystem now releases nested relations upon probe failures.
  • If a kernel upgrade is not immediately possible, disable or remove drivers that create nested devlink relations or prevent probe failures, and monitor kernel memory usage for abnormal increases.


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-401

Thu, 25 Jun 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devl_unregister(), which calls devlink_rel_put(). This misses devlink instances that get a nested relation before registration and then fail probe before devl_register() is reached. That flow can happen for SFs. The child devlink gets linked to its parent before registration, then a later probe error calls devlink_free() directly. Since the instance was never registered, devl_unregister() is not called and devlink->rel is leaked. Release any pending relation from devlink_free() as well. The registered path is unchanged because devl_unregister() already clears devlink->rel before devlink_free() runs.
Title | | devlink: Release nested relation on devlink free
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:49.891Z

Reserved: 2026-06-09T07:44:35.394Z

Link: CVE-2026-53261

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T12:00:13Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime