CVE-2026-53156

Source
https://cve.org/CVERecord?id=CVE-2026-53156
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53156.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53156
Downstream
Related
Published
2026-06-25T08:38:39.495Z
Modified
2026-07-08T08:09:45.808899205Z
Summary
nvmem: core: fix use-after-free bugs in error paths
Details

In the Linux kernel, the following vulnerability has been resolved:

nvmem: core: fix use-after-free bugs in error paths

Fix several instances of error paths in which we call __nvmemdeviceput() - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem structure. Always put the reference to the nvmem device as the last step before returning the error code.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53156.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e888d445ac33a5b0288d670ecd970908b13f07cd
Fixed
e0d38bf47a72da2f02c9fa6f752cd66d977cd7f7
Fixed
cb85ef5a227b3662b88f4d849a1aad43bfe7f5ae
Fixed
40e2a459c0dd1333b2343831480a0ad80dc07614
Fixed
5b6b6fc491899d583eaa75344e094796ae9b530b

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53156.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53156.json"