Description
In the Linux kernel, the following vulnerability has been resolved:

arm_mpam: Check whether the config array is allocated before destroying it

__destroy_component_cfg() is called to free the configuration array.
It uses the embedded 'garbage' structure, which means the array has
to be allocated.

If __destroy_component_cfg() is called from mpam_disable() before the
configuration was ever allocated, then a NULL pointer is dereferenced.

Check for this case and return early if the configuration is not
allocated.

__destroy_component_cfg() also frees the mbwu_state as this is allocated
by __allocate_component_cfg(). As the mbwu_state is allocated after
comp->cfg is set, and is also under mpam_list_lock, only the first
pointer needs checking.
Published: 2026-06-26
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the arm_mpam subsystem of the Linux kernel, where the __destroy_component_cfg function frees a configuration array without first verifying that it was allocated. If this function is called before allocation, a NULL pointer dereference triggers a kernel panic, effectively taking the host offline. This is a classic null‑pointer dereference flaw.
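
An added illustration, not part of the advisory and not the kernel's code: a userspace C model of the pattern described above, with the unchecked teardown beside the early-return version. The struct layouts, the helper bodies and the names add_to_garbage, destroy_component_cfg_unchecked and free_garbage are assumptions made for the model.

```c
#include <stdlib.h>

/* Userspace model only: layouts and helper bodies are assumptions, not kernel code. */
struct garbage { struct garbage *next; void *to_free; };
struct cfg { unsigned long ctrl; struct garbage garbage; };  /* embedded member */
struct component { struct cfg *cfg; long *mbwu_state; };
static struct garbage *garbage_list;

static void add_to_garbage(struct cfg *c)  /* queue c for deferred freeing */
{
    c->garbage.to_free = c;   /* writes through c: faults when c == NULL */
    c->garbage.next = garbage_list;
    garbage_list = &c->garbage;
}

/* Allocation order from the description: cfg first, then mbwu_state. */
int allocate_component_cfg(struct component *comp, size_t n)
{
    comp->cfg = calloc(n, sizeof(*comp->cfg));
    if (comp->cfg)
        comp->mbwu_state = calloc(n, sizeof(*comp->mbwu_state));
    return comp->cfg ? 0 : -1;
}

/* Before the fix: assumes the array exists; unsafe when comp->cfg == NULL. */
void destroy_component_cfg_unchecked(struct component *comp)
{
    add_to_garbage(comp->cfg);
    free(comp->mbwu_state);
    *comp = (struct component){0};
}

/* After the fix: return early if never allocated. Returns 1 if torn down. */
int destroy_component_cfg(struct component *comp)
{
    if (!comp->cfg)
        return 0;   /* mbwu_state is only set after cfg, so one check suffices */
    destroy_component_cfg_unchecked(comp);
    return 1;
}

int free_garbage(void)  /* drain deferred frees; returns objects released */
{
    int n = 0;
    for (struct garbage *g; (g = garbage_list) != NULL; n++) {
        garbage_list = g->next;
        free(g->to_free);
    }
    return n;
}
```

Because the 'garbage' member lives inside the array element itself, queuing the object for freeing is already a write through the pointer, which is why the check has to come before any cleanup step.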

Affected Systems

All Linux kernel builds that include the arm_mpam driver are potentially impacted, such as arm64 and other ARM architectures that ship with unpatched kernels. This vulnerability affects a wide range of Linux distributions that have not applied the latest kernel update.

Risk and Exploitability

The bug could be triggered if an attacker with local or root privileges activates mpam_disable to force the crash. No public exploits are catalogued and EPSS is not available, but the loss of kernel stability is inherently high. The CVE is not listed in the CISA KEV catalog, suggesting no current known active exploitation.

Generated by OpenCVE AI on June 26, 2026 at 21:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version in which __destroy_component_cfg() verifies that the configuration array is allocated before cleanup.
  • If updating is delayed, disable or remove the arm_mpam module to avoid exercising the vulnerable code path.
  • Monitor system kernel logs for unexpected crashes related to MPAM and apply the patch as soon as possible.



Advisories

No advisories yet.

History

Fri, 26 Jun 2026 20:15:00 +0000

Type | Values Removed | Values Added
Description | | (text identical to the Description at the top of this page)
Title | | arm_mpam: Check whether the config array is allocated before destroying it
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:40.694Z

Reserved: 2026-06-09T07:44:35.395Z

Link: CVE-2026-53278

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-27T01:30:09Z

Weaknesses

No weakness.