In the Linux kernel, the following vulnerability has been resolved:
net: phonet: free phonet_device after RCU grace period
phonetdevicedestroy() removes a phonetdevice from the per-net device list with listdel_rcu(), but frees it immediately. RCU readers walking the same list can still hold a pointer to the object after it has been removed, leading to a slab-use-after-free.
Use kfreercu(), matching the lifetime rule already used by phonetaddress_del() for the same object type.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53157.json",
"cna_assigner": "Linux"
}