Use-After-Free Vulnerability in Linux Kernel Affecting iptfs
CVE-2026-53240

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-53240?

A use-after-free vulnerability exists in the Linux kernel's iptfs module. This flaw arises during the partial reassembly of packets, where improper handling could lead to a memory access issue. Specifically, a race condition may occur when a concurrent CPU processes reassembly while another routine checks for payload ownership. This can result in operations on freed memory, potentially leading to system instability or unexpected behavior. This vulnerability highlights the critical importance of proper locking mechanisms in concurrent environments to prevent such memory access issues.

Affected Version(s)

Linux 3f3339885fb343b7b42d7c34717108ce07da24ae < 8d9a79fbf5172d9c4c0146057af2360913265a11

Linux 3f3339885fb343b7b42d7c34717108ce07da24ae

References

https://git.kernel.org/stable/c/8d9a79fbf5172d9c4c0146057...

https://git.kernel.org/stable/c/ff2ee35b6ce5fa8a8e24ea50b...

https://git.kernel.org/stable/c/eb48730bb827d1550401a5d39...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53240 Data

JSON