CVE-2026-53156 (GCVE-0-2026-53156)

Vulnerability from cvelistv5 – Published: 2026-06-25 08:38 – Updated: 2026-06-25 08:38
Title
nvmem: core: fix use-after-free bugs in error paths
Summary
In the Linux kernel, the following vulnerability has been resolved:

nvmem: core: fix use-after-free bugs in error paths

Fix several instances of error paths in which we call __nvmem_device_put() - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem structure. Always put the reference to the nvmem device as the last step before returning the error code.
Severity
No CVSS data available.
Assigner
Linux
Impacted products
Vendor: Linux
Product: Linux
Version:
  Affected: e888d445ac33a5b0288d670ecd970908b13f07cd , < e0d38bf47a72da2f02c9fa6f752cd66d977cd7f7 (git)
  Affected: e888d445ac33a5b0288d670ecd970908b13f07cd , < cb85ef5a227b3662b88f4d849a1aad43bfe7f5ae (git)
  Affected: e888d445ac33a5b0288d670ecd970908b13f07cd , < 40e2a459c0dd1333b2343831480a0ad80dc07614 (git)
  Affected: e888d445ac33a5b0288d670ecd970908b13f07cd , < 5b6b6fc491899d583eaa75344e094796ae9b530b (git)
Vendor: Linux
Product: Linux
Version:
  Affected: 4.20
  Unaffected: 0 , < 4.20 (semver)
  Unaffected: 6.12.94 , ≤ 6.12.* (semver)
  Unaffected: 6.18.36 , ≤ 6.18.* (semver)
  Unaffected: 7.0.13 , ≤ 7.0.* (semver)
  Unaffected: 7.1 , ≤ * (original_commit_for_fix)

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvmem/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e0d38bf47a72da2f02c9fa6f752cd66d977cd7f7",
              "status": "affected",
              "version": "e888d445ac33a5b0288d670ecd970908b13f07cd",
              "versionType": "git"
            },
            {
              "lessThan": "cb85ef5a227b3662b88f4d849a1aad43bfe7f5ae",
              "status": "affected",
              "version": "e888d445ac33a5b0288d670ecd970908b13f07cd",
              "versionType": "git"
            },
            {
              "lessThan": "40e2a459c0dd1333b2343831480a0ad80dc07614",
              "status": "affected",
              "version": "e888d445ac33a5b0288d670ecd970908b13f07cd",
              "versionType": "git"
            },
            {
              "lessThan": "5b6b6fc491899d583eaa75344e094796ae9b530b",
              "status": "affected",
              "version": "e888d445ac33a5b0288d670ecd970908b13f07cd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/nvmem/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.94",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.36",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.13",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: core: fix use-after-free bugs in error paths\n\nFix several instances of error paths in which we call\n__nvmem_device_put() - which may end up freeing the underlying memory\nand other resources - and then keep on using the nvmem structure. Always\nput the reference to the nvmem device as the last step before returning\nthe error code."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-25T08:38:39.495Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e0d38bf47a72da2f02c9fa6f752cd66d977cd7f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb85ef5a227b3662b88f4d849a1aad43bfe7f5ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/40e2a459c0dd1333b2343831480a0ad80dc07614"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b6b6fc491899d583eaa75344e094796ae9b530b"
        }
      ],
      "title": "nvmem: core: fix use-after-free bugs in error paths",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-53156",
    "datePublished": "2026-06-25T08:38:39.495Z",
    "dateReserved": "2026-06-09T07:44:35.388Z",
    "dateUpdated": "2026-06-25T08:38:39.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53156",
      "date": "2026-07-02",
      "epss": "0.00168",
      "percentile": "0.06379"
    }
  }
}

