Bug 2492738 (CVE-2026-53156) - CVE-2026-53156 kernel: nvmem: core: fix use-after-free bugs in error paths
Summary: CVE-2026-53156 kernel: nvmem: core: fix use-after-free bugs in error paths
Keywords:
Status: NEW
Alias: CVE-2026-53156
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-25 10:03 UTC by OSIDB Bzimport
Modified: 2026-06-25 22:32 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-25 10:03:09 UTC
In the Linux kernel, the following vulnerability has been resolved:

nvmem: core: fix use-after-free bugs in error paths

Fix several instances of error paths in which we call
__nvmem_device_put() - which may end up freeing the underlying memory
and other resources - and then keep on using the nvmem structure. Always
put the reference to the nvmem device as the last step before returning
the error code.


Note You need to log in before you can comment on or make changes to this bug.