Description
In the Linux kernel, the following vulnerability has been resolved:

mailbox: mailbox-test: free channels on probe error

On probe error, free the previously obtained channels. This not only
prevents a leak, but also UAF scenarios because the client structure
will be removed nonetheless because it was allocated with devm.
Published: 2026-06-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

On a failed probe, the mailbox-test driver in the Linux mailbox subsystem does not free the channels it has already obtained, while the client structure, which was allocated with devm, is removed anyway. This creates a classic use-after-free condition that can leak memory or allow an attacker to corrupt kernel memory, potentially enabling privilege escalation. The flaw aligns with CWE-416 and may also manifest as a memory leak (CWE-401).

Affected Systems

All Linux kernel builds that include the mailbox subsystem with the mailbox-test module are affected. The vulnerability is present in any default kernel configuration that compiles this legacy module before the applied patch; no explicit kernel versions are listed, so any kernel containing the unpatched mailbox-test module is at risk.

Risk and Exploitability

The defect is exploitable from kernel space; an attacker who can trigger a probe failure—by loading the module, manipulating mailbox devices, or abusing related drivers—can exercise the use‑after‑free. With no CVSS score disclosed and EPSS unavailable, the precise exploit likelihood is unclear, but the combination of kernel privilege and a classic use‑after‑free suggests high severity. The issue is not listed in the CISA KEV catalog, indicating no known widespread exploitation, yet the damage potential warrants prompt action.

Generated by OpenCVE AI on June 26, 2026 at 23:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Linux kernel that contains the mailbox-test patch.
  • Apply any distribution‑specific security updates that backport the mailbox subsystem fix.
  • Disable or unload the mailbox subsystem or related drivers until a patched kernel is available.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 23:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-401, CWE-416 |

Fri, 26 Jun 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it was allocated with devm. |
| Title | | mailbox: mailbox-test: free channels on probe error |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:54.341Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53296

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T23:15:08Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-416

    Use After Free