CVE-2026-53185
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A use-after-free vulnerability was found in the zram_bvec_write_partial() function of the Linux kernel's zram driver. During partial write, the read from the backing device is performed asynchronously, and the buffer page is freed before the read completes, causing a write to freed memory.
Risk Assessment
This vulnerability can lead to data corruption, system crashes, or potentially privilege escalation if exploited by an attacker with local access.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit 4e3c87b9421d or later). For production systems, apply the security patch after testing.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zram_bvec_write_partial() zram_read_page() picks the sync or async backing device read path based on whether the parent bio is NULL. zram_bvec_write_partial() passes its parent bio down, so for ZRAM_WB slots the read is dispatched asynchronously and zram_read_page() returns 0 while the bio is still in flight. The caller then runs memcpy_from_bvec(), zram_write_page() and __free_page() on the buffer, leaving the async read to write into a freed page. zram_bvec_read_partial() was switched to NULL in commit 4e3c87b9421d ("zram: fix synchronous reads") for the same reason; the write_partial counterpart was missed.

