Use-After-Free Vulnerability in Linux Kernel Ethernet Driver
CVE-2026-53247

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-53247?

A use-after-free vulnerability has been identified in the Linux kernel's mtk_eth_soc Ethernet driver. It stems from a flaw in the teardown of metadata destination structures (metadata_dst): mtk_free_dev() frees the metadata_dst without ensuring that all RCU readers have completed, so a reader can be left holding a dangling pointer, leading to potential system instability. The fix updates the teardown to use dst_release(), which manages the reference count and ensures the memory is freed only after the RCU grace period. This significantly reduces the risk associated with dangling pointers.
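The teardown ordering described above, as an added userspace model that is not the driver's or the kernel's code: every name in it is hypothetical, a `freed` flag stands in for releasing memory, and a reader counter stands in for the RCU grace period.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model; every name is hypothetical, not a kernel API. */
struct model_dst { int refcnt; bool freed; };
enum { SAW_FREED = 1, FREED_AT_END = 2 };
static struct model_dst *published;  /* pointer that readers dereference */
static int active_readers;           /* readers inside a read-side section */
static struct model_dst *pending[4]; /* frees deferred to the grace period */
static int npending;

/* The grace period ends once no reader remains; deferred frees run then. */
static void run_deferred_if_quiescent(void)
{
    while (active_readers == 0 && npending)
        pending[--npending]->freed = true;
}
static struct model_dst *reader_begin(void) { active_readers++; return published; }
static void reader_end(void) { active_readers--; run_deferred_if_quiescent(); }

/* Flawed teardown: the object is freed while a reader may still hold it. */
static void teardown_immediate(struct model_dst *d) { published = NULL; d->freed = true; }

/* Fixed teardown: drop the reference; the final put only queues the free. */
static void teardown_release(struct model_dst *d)
{
    published = NULL;
    if (--d->refcnt == 0) {
        pending[npending++] = d;
        run_deferred_if_quiescent();
    }
}

/* A reader that started before teardown dereferences its pointer afterwards. */
static int run_reader(void (*teardown)(struct model_dst *))
{
    struct model_dst d = { .refcnt = 1, .freed = false };
    published = &d;
    struct model_dst *seen = reader_begin();
    teardown(&d);
    int result = seen->freed ? SAW_FREED : 0; /* would be the use-after-free */
    reader_end();
    return result | (d.freed ? FREED_AT_END : 0);
}

int main(void)
{
    printf("immediate=%d release=%d\n", run_reader(teardown_immediate), run_reader(teardown_release));
    return 0;
}
```

With the immediate free, the in-flight reader observes a freed object. With the release path, the object stays valid for that reader and is freed only once the reader has left.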

Affected Version(s)

Linux 2d7605a729062bb554f03c5983d8cfb8c0b42e9c < 72775977e89c25c99ee84d2c5baa3f86a8ba5cb4

Linux 2d7605a729062bb554f03c5983d8cfb8c0b42e9c < 459c6f35c58cf0fd5247e55d73ddaa29571d9b7e

Linux 2d7605a729062bb554f03c5983d8cfb8c0b42e9c

Timeline

  • Vulnerability published

  • Vulnerability Reserved