Description
In the Linux kernel, the following vulnerability has been resolved:

devlink: Release nested relation on devlink free

devlink relation state is normally released from devl_unregister(), which
calls devlink_rel_put(). This misses devlink instances that get a nested
relation before registration and then fail probe before devl_register() is
reached.

That flow can happen for SFs. The child devlink gets linked to its
parent before registration, then a later probe error calls devlink_free()
directly. Since the instance was never registered, devl_unregister() is not
called and devlink->rel is leaked.

Release any pending relation from devlink_free() as well. The registered
path is unchanged because devl_unregister() already clears devlink->rel
before devlink_free() runs.
Published: 2026-06-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel devlink subsystem contains a memory‑leak flaw that occurs when a child devlink instance is linked to a parent before the parent is registered and the child’s probe subsequently fails. Because the parent devlink has never been registered, devl_unregister() – the routine that normally releases nested relations – is not invoked. As a result, devlink->rel remains allocated until the kernel later deallocates the child, leaking kernel memory. The flaw does not provide an attack vector for code execution; the impact is limited to the exhaustion of the kernel heap if the leak is repeated enough times, which could degrade performance or lead to a denial of service.

Affected Systems

The flaw is present in the generic Linux kernel, affecting all distributions that include unpatched kernel code. No specific version range is provided, so every kernel version built before the patch is potentially vulnerable. The problem arises in the devlink module, and any driver or subsystem that creates nested devlink relationships before register can trigger the leak.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk, while the EPSS score of <1% shows a very low likelihood of exploitation. The vulnerability is not included in the CISA KEV catalog. Attacks would require local access or the ability to trigger probe errors for drivers that instantiate devlinks, making the risk low to medium unless the attacker controls the subsystem. The main danger is the gradual draining of kernel memory, which could eventually exhaust heap space and cause a local denial‑of‑service. No public exploits are known, but the patch is already available in the kernel repository.

Generated by OpenCVE AI on June 26, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a release that includes the devlink free relation fix.
  • If a kernel update is not feasible, apply the patch that releases nested devlink relations in devlink_free(), such as the commit 11324d52b0c63f4f202b35793c6507a575e9a689 or newer.
  • Disable or remove drivers that create nested devlink relations to prevent the leak, and keep a close eye on kernel memory utilization.

Generated by OpenCVE AI on June 26, 2026 at 04:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Thu, 25 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: devlink: Release nested relation on devlink free devlink relation state is normally released from devl_unregister(), which calls devlink_rel_put(). This misses devlink instances that get a nested relation before registration and then fail probe before devl_register() is reached. That flow can happen for SFs. The child devlink gets linked to its parent before registration, then a later probe error calls devlink_free() directly. Since the instance was never registered, devl_unregister() is not called and devlink->rel is leaked. Release any pending relation from devlink_free() as well. The registered path is unchanged because devl_unregister() already clears devlink->rel before devlink_free() runs.
Title devlink: Release nested relation on devlink free
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:49.891Z

Reserved: 2026-06-09T07:44:35.394Z

Link: CVE-2026-53261

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53261 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T04:30:17Z

Weaknesses
  • CWE-772

    Missing Release of Resource after Effective Lifetime