Devlink Relation Leak in Linux Kernel Affects Device Functionality
CVE-2026-53261

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-53261?

A vulnerability in the Linux kernel has been identified where a devlink relation can leak due to improper handling during the registration process. Specifically, if a device instance is linked to its parent before registration and fails to probe properly, the devlink relation remains unreleased. This resource leak occurs because the standard devlink relationship cleanup via devl_unregister() does not trigger. As a result, developers must ensure that any pending relations are released during devlink_free() to prevent potential system resource exhaustion. The resolution focuses on safeguarding integrity and maintaining device functionality.

Affected Version(s)

Linux c137743bce02b18c1537d4681aa515f7b80bf0a8

Linux c137743bce02b18c1537d4681aa515f7b80bf0a8 < 927f96861f939c0b517d13ed27bf4fabbfc1cfb3

Linux c137743bce02b18c1537d4681aa515f7b80bf0a8 < 11324d52b0c63f4f202b35793c6507a575e9a689

References

https://git.kernel.org/stable/c/a9137286884703113b1c9e640...

https://git.kernel.org/stable/c/927f96861f939c0b517d13ed2...

https://git.kernel.org/stable/c/11324d52b0c63f4f202b35793...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53261 Data

JSON