CVE Catalog

CVE-2026-53119

Unknown
Published: Translated: NVD NIST

Summary

A vulnerability has been identified in the Linux kernel related to the __driver_attach() mechanism. Calling the match() function without holding the device lock can lead to a use-after-free (UAF) situation.

Risk Assessment

This vulnerability may lead to unexpected system behavior, potentially compromising the stability and security of the operating system.

Recommendation

It is recommended to update the Linux kernel to the latest version that includes fixes for this vulnerability.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: platform/wmi: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]

Vulnerability data from NVD (NIST) · CISA KEV · EPSS