CVE-2026-53278

Source
https://cve.org/CVERecord?id=CVE-2026-53278
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53278.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53278
Downstream
Published
2026-06-26T19:40:40.694Z
Modified
2026-07-09T03:51:33.120920289Z
Summary
arm_mpam: Check whether the config array is allocated before destroying it
Details

In the Linux kernel, the following vulnerability has been resolved:

arm_mpam: Check whether the config array is allocated before destroying it

__destroycomponentcfg() is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated.

If _destroycomponentcfg() is called from mpamdisable() before the configuration was ever allocated, then a NULL pointer is dereferenced.

Check for this case and return early if the configuration is not allocated.

__destroycomponentcfg() also frees the mbwu_state as this is allocated by _allocatecomponentcfg(). As the mbwustate is allocated after comp->cfg is set, and is also under mpamlistlock, only the first pointer needs checking.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53278.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3bd04fe7d807bbdcfe75b29ca82fae4e2d7dc524
Fixed
8eb6dc76eeae5302c0d885906a0e469ef9630a59
Fixed
6ccbb613b42a1f1ba7bfd547a148f644a902a25c

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53278.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53278.json"