CVE-2026-53157

Source
https://cve.org/CVERecord?id=CVE-2026-53157
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53157.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53157
Downstream
Related
Published
2026-06-25T08:38:40.132Z
Modified
2026-07-09T04:44:19.911586400Z
Summary
net: phonet: free phonet_device after RCU grace period
Details

In the Linux kernel, the following vulnerability has been resolved:

net: phonet: free phonet_device after RCU grace period

phonetdevicedestroy() removes a phonetdevice from the per-net device list with listdel_rcu(), but frees it immediately. RCU readers walking the same list can still hold a pointer to the object after it has been removed, leading to a slab-use-after-free.

Use kfreercu(), matching the lifetime rule already used by phonetaddress_del() for the same object type.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53157.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eeb74a9d45f781ec6f47b9e0a75a6a427b53f165
Fixed
d59794337ea496042288c7c68356d9b9ca7f46a9
Fixed
6cd7067d6e4b0b2033ba2f918ecbd54dc2af3763
Fixed
2ec8011cce0cd0fc7a5068585d867fc08d508578
Fixed
09c9b92c2010481160245244ea8fa1d06d5d4ae0
Fixed
bd2ab4d800fc26814d89328d87b5f97ef6aa906a
Fixed
52b8f5ef82c886f7cd24617915e4b1579ddfd001
Fixed
bff309ea51f1395c1ef8be8b75ce62d28a319113
Fixed
71de0177b28da751f407581a4515cf4d762f6296

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53157.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.33
Fixed
5.10.260
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.211
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.177
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.144
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.95
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53157.json"