CVE-2026-53157 - Vulnerability Details

- net: phonet: free phonet_device after RCU grace period

Description

In the Linux kernel, the following vulnerability has been resolved:

net: phonet: free phonet_device after RCU grace period

phonet_device_destroy() removes a phonet_device from the per-net device
list with list_del_rcu(), but frees it immediately. RCU readers walking
the same list can still hold a pointer to the object after it has been
removed, leading to a slab-use-after-free.

Use kfree_rcu(), matching the lifetime rule already used by
phonet_address_del() for the same object type.

Published: 2026-06-25

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`eeb74a9d45f781ec6f47b9e0a75a6a427b53f165`	affected	< 52b8f5ef82c886f7cd24617915e4b1579ddfd001
`eeb74a9d45f781ec6f47b9e0a75a6a427b53f165`	affected	< bff309ea51f1395c1ef8be8b75ce62d28a319113
`eeb74a9d45f781ec6f47b9e0a75a6a427b53f165`	affected	< 71de0177b28da751f407581a4515cf4d762f6296

Linux

affected

Version	Status	Constraints
`2.6.33`	affected	—
`0`	unaffected	< 2.6.33
`6.18.36`	unaffected	≤ 6.18.*
`7.0.13`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[eeb74a9d45f781ec6f47b9e0a75a6a427b53f165,52b8f5ef82c886f7cd24617915e4b1579ddfd001)`	affected	code_commit	—
`[eeb74a9d45f781ec6f47b9e0a75a6a427b53f165,bff309ea51f1395c1ef8be8b75ce62d28a319113)`	affected	code_commit	—
`[eeb74a9d45f781ec6f47b9e0a75a6a427b53f165,71de0177b28da751f407581a4515cf4d762f6296)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`2.6.33`	affected	semver	—
`[0,2.6.33)`	unaffected	semver	—
`[6.18.36,6.19.0)`	unaffected	semver	—
`[7.0.13,7.1.0)`	unaffected	semver	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00173.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/52b8f5ef82c886f7cd24617915e4b1579ddfd001
https://git.kernel.org/stable/c/71de0177b28da751f407581a4515cf4d762f6296
https://git.kernel.org/stable/c/bff309ea51f1395c1ef8be8b75ce62d28a319113
https://lore.kernel.org/linux-cve-announce/2026062548-CVE-2026-53157-7e36@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53157
https://www.cve.org/CVERecord?id=CVE-2026-53157

History

Fri, 26 Jun 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-416

Fri, 26 Jun 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-825
References		https://lore.kernel.org/linux-cve-announce/2026062548-CVE-2026-53157-7e36@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53157 https://www.cve.org/CVERecord?id=CVE-2026-53157
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Thu, 25 Jun 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU grace period phonet_device_destroy() removes a phonet_device from the per-net device list with list_del_rcu(), but frees it immediately. RCU readers walking the same list can still hold a pointer to the object after it has been removed, leading to a slab-use-after-free. Use kfree_rcu(), matching the lifetime rule already used by phonet_address_del() for the same object type.
Title		net: phonet: free phonet_device after RCU grace period
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/52b8f5ef82c886f7cd24617915e4b1579ddfd001 https://git.kernel.org/stable/c/71de0177b28da751f407581a4515cf4d762f6296 https://git.kernel.org/stable/c/bff309ea51f1395c1ef8be8b75ce62d28a319113

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:38:40.132Z

Updated: 2026-06-25T08:38:40.132Z

Reserved: 2026-06-09T07:44:35.388Z

Link: CVE-2026-53157

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53157 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T15:45:02Z

Weaknesses

CWE-825

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object