CVE Catalog

CVE-2026-53233

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile — higher than 7% of all known CVEs

Summary

A double-free vulnerability was found in the Linux kernel in the netdev_nl_bind_rx_doit() function. The error path incorrectly calls nlmsg_free() after genlmsg_reply() already consumed the skb, causing a double-free.

Risk Assessment

Double-free memory corruption can lead to system crashes (kernel panic) or potentially privilege escalation if exploited by a local user.

Recommendation

Immediately update the Linux kernel to a version containing the fix that removes the nlmsg_free() call in the error path and propagates the error to the user.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdev_nl_bind_rx_doit() Sashiko flags that genlmsg_reply() always consumes the skb. The error path calls nlmsg_free(rsp) so we can't jump directly to it. Let's not unbind, just propagate the error to the user. This is the typical way of handling genlmsg_reply() failures. They shouldn't happen unless user does something silly like calling the kernel with an already-full rcvbuf.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS