Description
In the Linux kernel, the following vulnerability has been resolved:

mailbox: mailbox-test: don't free the reused channel

The RX channel can be aliased to the TX channel if it has a different
MMIO. This special case needs to be handled when freeing the channels
otherwise a double-free occurs.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel's mailbox subsystem contains a flaw where a receiving channel can be aliased to a transmitting channel that uses a different memory‑mapped I/O region. This special case is not handled during channel release, causing a double‑free of the same memory. The double‑free corrupts the kernel's memory allocator, potentially leading to a crash or denial of service.

Affected Systems

All Linux kernel builds that include the mailbox-test component and lack the patch are affected. The vendor is Linux and the product is the Linux kernel. No specific version range is given, so reference commit identifiers to identify patched kernels.

Risk and Exploitability

The CVSS score is 5.5 and the EPSS score is less than 1%, indicating a low exploitation probability. The vulnerability is not listed in CISA's KEV catalog. The double‑free can corrupt memory structures, potentially causing a kernel crash or denial of service. Exploitability would likely require local or privileged access to the mailbox subsystem, and no public exploit is known at this time.

Generated by OpenCVE AI on June 29, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the mailbox-test double‑free fix (commit 240c71a2).
  • Reboot the system after kernel upgrade to ensure the new kernel is running.
  • If upgrading is not immediately possible, disable the mailbox_test component or apply a temporary patch that adds a guard against freeing the same channel twice.

Generated by OpenCVE AI on June 29, 2026 at 15:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1341
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 26 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs.
Title mailbox: mailbox-test: don't free the reused channel
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:52.927Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53294

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53294 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T15:30:05Z

Weaknesses
  • CWE-1341

    Multiple Releases of Same Resource or Handle