In the Linux kernel, the following vulnerability has been resolved:
tee: shm: fix shm leak in registershmhelper()
registershmhelper() allocates shm before calling ioviternpages(). If ioviternpages() returns 0, the function jumps to errctxput and leaks shm.
This can be triggered by TEEIOCSHMREGISTER with struct teeioctlshmregister_data where length is 0.
Jump to errfreeshm instead.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53210.json",
"cna_assigner": "Linux"
}