๐Ÿ” CVE Alert

CVE-2026-53286

UNKNOWN 0.0

idpf: fix double free and use-after-free in aux device error paths

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix double free and use-after-free in aux device error paths

When auxiliary_device_add() fails in idpf_plug_vport_aux_dev() or idpf_plug_core_aux_dev(), the err_aux_dev_add label calls auxiliary_device_uninit() and falls through to err_aux_dev_init. The uninit call will trigger put_device(), which invokes the release callback (idpf_vport_adev_release / idpf_core_adev_release) that frees iadev. The fall-through then reads adev->id from the freed iadev for ida_free() and double-frees iadev with kfree().

Free the IDA slot and clear the back-pointer before uninit, while adev is still valid, then return immediately.

Commit 65637c3a1811 ("idpf: fix UAF in RDMA core aux dev deinitialization") fixed the same use-after-free in the matching unplug path in this file but missed both probe error paths.
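The cleanup ordering described above, as an added userspace model (not the idpf driver code and not part of the original advisory). All `mock_*` names and the sample id are hypothetical, and freeing is simulated with a counter so the pre-fix ordering can be run safely and its double free and stale read counted.

```c
#include <stdio.h>

/* Constructed model: 'frees' counts kfree() calls instead of releasing memory. */
struct mock_iadev { int id; int frees; int read_after_free; };
struct mock_vport { struct mock_iadev *adev; int ida_slot_in_use; };

static void mock_kfree(struct mock_iadev *d) { d->frees++; }

static int mock_read_id(struct mock_iadev *d)
{
    if (d->frees)
        d->read_after_free++;      /* in the kernel this is the use-after-free */
    return d->id;
}

static void mock_ida_free(struct mock_vport *v, int id) { (void)id; v->ida_slot_in_use = 0; }

/* Models auxiliary_device_uninit(): put_device() runs the release callback,
 * and the release callback frees iadev. */
static void mock_uninit(struct mock_iadev *d) { mock_kfree(d); }

/* Pre-fix ordering: uninit at err_aux_dev_add, then fall through. */
static void plug_fail_buggy(struct mock_vport *v, struct mock_iadev *d)
{
    mock_uninit(d);                       /* err_aux_dev_add: iadev freed here */
    mock_ida_free(v, mock_read_id(d));    /* err_aux_dev_init: reads freed iadev */
    mock_kfree(d);                        /* second free of iadev */
}

/* Fixed ordering: release the IDA slot and clear the back-pointer while the
 * device is still valid, then uninit and return without further cleanup. */
static void plug_fail_fixed(struct mock_vport *v, struct mock_iadev *d)
{
    mock_ida_free(v, mock_read_id(d));
    v->adev = NULL;
    mock_uninit(d);                       /* release callback does the only free */
}

static struct mock_iadev run_model(int fixed)
{
    struct mock_iadev d = { .id = 7, .frees = 0, .read_after_free = 0 };
    struct mock_vport v = { .adev = &d, .ida_slot_in_use = 1 };
    if (fixed) plug_fail_fixed(&v, &d); else plug_fail_buggy(&v, &d);
    return d;
}

int main(void)
{
    struct mock_iadev b = run_model(0), f = run_model(1);
    printf("buggy: frees=%d stale_reads=%d\n", b.frees, b.read_after_free);
    printf("fixed: frees=%d stale_reads=%d\n", f.frees, f.read_after_free);
    return 0;
}
```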

Vendor linux
Product linux
Published Jun 26, 2026

Affected Versions

Linux / Linux
f4312e6bfa2a98e94dacc75f96f916b76bdf4259 < 722b91d5086a249318c9d0e2b36aeac80ba8c808
f4312e6bfa2a98e94dacc75f96f916b76bdf4259 < f319de7074e1728a9f9ff7134257360c694ec2b2
f4312e6bfa2a98e94dacc75f96f916b76bdf4259 < 6c77b9510829a424d1b74409b7db9456e3522871
Linux / Linux
6.17

References

git.kernel.org: https://git.kernel.org/stable/c/722b91d5086a249318c9d0e2b36aeac80ba8c808
git.kernel.org: https://git.kernel.org/stable/c/f319de7074e1728a9f9ff7134257360c694ec2b2
git.kernel.org: https://git.kernel.org/stable/c/6c77b9510829a424d1b74409b7db9456e3522871