CVE-2026-53272

UNKNOWN 0.0

erofs: fix use-after-free on sbi->sync_decompress

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi->sync_decompress z_erofs_decompress_kickoff() can race with filesystem unmount, causing a use-after-free on sbi->sync_decompress. When I/O completes, z_erofs_endio() calls z_erofs_decompress_kickoff() to queue z_erofs_decompressqueue_work() asynchronously. Then, after all folios are unlocked, unmount workflow can proceed and sbi will be freed before accessing to sbi->sync_decompress. Thread (unmount) I/O completion kworker queue_work z_erofs_decompressqueue_work (all folios are unlocked) cleanup_mnt .. erofs_kill_sb erofs_sb_free kfree(sbi) access sbi->sync_decompress // UAF!!

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

40452ffca3c1a0f2994e826f9fa213b107f1a2d4 < 86ab00cf81d44b675bb23db62b88fd76c8ac8cea 40452ffca3c1a0f2994e826f9fa213b107f1a2d4 < 00bf6868df65fa95b3854996246d15759fdc7070 40452ffca3c1a0f2994e826f9fa213b107f1a2d4 < 95caf60da33d87ed26c28993620f0d92487b0296 40452ffca3c1a0f2994e826f9fa213b107f1a2d4 < 1aee05e814d292064bf5fa15733741040cdc48ba

Linux / Linux

5.17

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/86ab00cf81d44b675bb23db62b88fd76c8ac8cea git.kernel.org: https://git.kernel.org/stable/c/00bf6868df65fa95b3854996246d15759fdc7070 git.kernel.org: https://git.kernel.org/stable/c/95caf60da33d87ed26c28993620f0d92487b0296 git.kernel.org: https://git.kernel.org/stable/c/1aee05e814d292064bf5fa15733741040cdc48ba