Home

Description

In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]

PUBLISHED Reserved 2026-06-09 | Published 2026-06-24 | Updated 2026-06-24 | Assigner Linux

Product status

Default status
unaffected

539fec78edb4e084e7c532affc56cc42d4ceea4b (git) before 654ef9c33e138ede6734ac286282df9faf83cd11
affected

539fec78edb4e084e7c532affc56cc42d4ceea4b (git) before fb5cb4913ce333cc4647722e8c2b8378e12f2464
affected

539fec78edb4e084e7c532affc56cc42d4ceea4b (git) before 85bb534ff12aab6916058897b39c748940a7a4c6
affected

Default status
affected

5.17
affected

Any version before 5.17
unaffected

6.18.33 (semver)
unaffected

7.0.10 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/654ef9c33e138ede6734ac286282df9faf83cd11

git.kernel.org/...c/fb5cb4913ce333cc4647722e8c2b8378e12f2464

git.kernel.org/...c/85bb534ff12aab6916058897b39c748940a7a4c6

cve.org (CVE-2026-53118)

nvd.nist.gov (CVE-2026-53118)

Download JSON