Description
In the Linux kernel, the following vulnerability has been resolved:

mailbox: mailbox-test: free channels on probe error

On probe error, free the previously obtained channels. This not only
prevents a leak, but also UAF scenarios because the client structure
will be removed nonetheless because it was allocated with devm.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing cleanup of channel objects in the Linux mailbox subsystem on a failed probe leaves freed channel resources while the client structure is still allocated by a devm routine. This defect creates a classic use‑after‑free condition that can result in kernel memory corruption and provides an attacker with the potential to corrupt sensitive data or exploit the kernel for privilege escalation. The weakness corresponds to CWE‑825 (Channel Leak).

Affected Systems

All Linux kernels that compile the mailbox-test module of the mailbox subsystem are affected. No specific kernel releases are enumerated, so any build that includes this legacy module prior to the applied patch is at risk. The issue appears in default configurations that load the module, and is not tied to a particular vendor variant beyond the generic Linux kernel.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a low probability of exploitation in the wild. The flaw is listed as not being in the CISA KEV catalog, implying no widely known active exploitation. The likely attack vector is inferred: an attacker with sufficient privileges to load or force a probe failure on the mailbox-test module (for example, by manipulating mailbox hardware or maliciously loading the module) can trigger the use‑after‑free. With kernel‑level access, such a flaw could enable the attacker to corrupt critical data structures and elevate privileges. Due to the moderate CVSS score, potential lack of exploitation evidence, and moderate EPSS, the overall risk is considered moderate but warrants timely remediation.

Generated by OpenCVE AI on June 29, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the mailbox-test patch.
  • Apply distribution‑specific security updates that backport the mailbox subsystem fix.
  • If a patched kernel is not yet available, disable or unload the mailbox subsystem or related modules until the fix is applied.

Generated by OpenCVE AI on June 29, 2026 at 16:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Mon, 29 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-416

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 26 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-416

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it was allocated with devm.
Title mailbox: mailbox-test: free channels on probe error
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:54.341Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53296

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53296 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T16:30:17Z

Weaknesses
  • CWE-825

    Expired Pointer Dereference