Use-After-Free Vulnerability in Linux Kernel Airoha Metadata
CVE-2026-53248

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-53248?

A vulnerability in the Linux kernel's Airoha driver introduces a use-after-free condition during the teardown of metadata destinations. The issue arises when the function airoha_metadata_dst_free() attempts to free the metadata_dst without respecting the RCU (Read-Copy-Update) grace period. This misstep allows for memory that is still referenced by pointers to be prematurely released. Specifically, when skb_dst_set_noref() is called, it links a non-refcounted pointer from socket buffers (skb) to the metadata_dst, potentially leading to access violations if the memory is accessed after being freed. The resolution involves replacing metadata_dst_free() with dst_release(), ensuring proper reference counting and safe memory management.

Affected Version(s)

Linux af3cf757d5c99011b9b94ea8d78aeaccc0153fdc < 6f829e2c17a53a35321268339cd252aff6d6d723

Linux af3cf757d5c99011b9b94ea8d78aeaccc0153fdc < 4b5a574e033e66d2131eff1c18feef8d8643c67e

Linux af3cf757d5c99011b9b94ea8d78aeaccc0153fdc

References

https://git.kernel.org/stable/c/6f829e2c17a53a35321268339...

https://git.kernel.org/stable/c/4b5a574e033e66d2131eff1c1...

https://git.kernel.org/stable/c/b38cae85d1c45ff189d7ecb6a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53248 Data

JSON