Description
In the Linux kernel, the following vulnerability has been resolved:

net: mana: Guard mana_remove against double invocation

If PM resume fails (e.g., mana_attach() returns an error), mana_probe()
calls mana_remove(), which tears down the device and sets
gd->gdma_context = NULL and gd->driver_data = NULL.

However, a failed resume callback does not automatically unbind the
driver. When the device is eventually unbound, mana_remove() is invoked
a second time. Without a NULL check, it dereferences gc->dev with
gc == NULL, causing a kernel panic.

Add an early return if gdma_context or driver_data is NULL so the second
invocation is harmless. Move the dev = gc->dev assignment after the
guard so it cannot dereference NULL.
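The guard described above, replayed in a userspace C model. This is an added example, not the kernel's code: the struct layouts, model_mana_remove() and replay_failed_resume_then_unbind() are simplified, hypothetical stand-ins that keep only the fields the description names.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins for the kernel structures named in the description. */
struct device { int teardown_count; };
struct gdma_context { struct device *dev; };
struct mana_context { int num_ports; };
struct gdma_dev {
    struct gdma_context *gdma_context;
    void *driver_data;
};

/* Returns 1 if teardown ran, 0 if the call was a harmless repeat. */
int model_mana_remove(struct gdma_dev *gd)
{
    struct gdma_context *gc = gd->gdma_context;
    struct mana_context *ac = gd->driver_data;
    struct device *dev;

    /* Guard: an earlier call already tore the device down. */
    if (!gc || !ac)
        return 0;

    dev = gc->dev;          /* assigned only after the guard */
    dev->teardown_count++;  /* stands in for the real teardown work */

    /* Same end state the description gives for the first call. */
    gd->gdma_context = NULL;
    gd->driver_data = NULL;
    return 1;
}

/* Replays the sequence: failed resume -> remove, later unbind -> remove. */
int replay_failed_resume_then_unbind(void)
{
    struct device dev = { 0 };
    struct gdma_context gc = { &dev };
    struct mana_context ac = { 1 };
    struct gdma_dev gd = { &gc, &ac };

    int first = model_mana_remove(&gd);   /* error path after failed resume */
    int second = model_mana_remove(&gd);  /* driver unbind */
    return (first == 1 && second == 0 && dev.teardown_count == 1) ? 0 : -1;
}

int main(void)
{
    printf("replay result: %d\n", replay_failed_resume_then_unbind());
    return 0;
}
```

Initialising dev from gc->dev at its declaration, ahead of the guard, would make the second call in the replay dereference NULL, which is the crash the description reports.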
Published: 2026-06-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the mana driver can be removed twice when a failed power‑management resume does not automatically unbind the driver. The second invocation of the removal routine dereferences a NULL pointer because the device reference is not checked, which causes a kernel panic. The flaw does not grant the attacker additional privileges and it only affects the system while it is running.

Affected Systems

All Linux kernel builds that include the mana driver before the patch are affected. The vulnerability remains present across distributions until the kernel tree incorporates the guarded removal logic demonstrated in the cited commit references. Distribution packages that have not yet applied the patch should be assumed to contain the flaw and should be verified against the commit identifiers listed.

Risk and Exploitability

The CVSS score is not disclosed and the EPSS score is unavailable; the vulnerability is not listed in CISA KEV. The attack path requires an action that causes the mana driver removal routine to be invoked twice when a power‑management resume fails. Based on the description, it is inferred that the attacker would need local or elevated privileges to force a resume failure or manipulate the device state. The resulting kernel panic causes a denial of service that requires a reboot and the crash is observable only while the system is running.

Generated by OpenCVE AI on June 26, 2026 at 23:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that incorporates the commits identified in the advisory.
  • If immediate kernel upgrade is not possible, disable or unload the mana driver so it cannot be removed during power‑resume failures.
  • Reboot the system after performing the upgrade or driver disablement to ensure the change takes effect and no pending state remains.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 23:45:00 +0000

Values added (none removed):
Weaknesses: CWE-476

Fri, 26 Jun 2026 20:15:00 +0000

Values added (none removed):
Description: In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL and gd->driver_data = NULL. However, a failed resume callback does not automatically unbind the driver. When the device is eventually unbound, mana_remove() is invoked a second time. Without a NULL check, it dereferences gc->dev with gc == NULL, causing a kernel panic. Add an early return if gdma_context or driver_data is NULL so the second invocation is harmless. Move the dev = gc->dev assignment after the guard so it cannot dereference NULL.
Title: net: mana: Guard mana_remove against double invocation
First Time appeared: Linux; Linux linux Kernel
CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products: Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:55.155Z

Reserved: 2026-06-09T07:44:35.396Z

Link: CVE-2026-53297

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T23:45:07Z

Weaknesses