Use-After-Free Vulnerability in Linux Kernel Related to OP-TEE Supplicant
CVE-2026-53273

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-53273?

The Linux kernel has unveiled a use-after-free vulnerability linked to the OP-TEE supplicant mechanism. This flaw arises when a client exits prematurely, leading to freed memory being referenced. The issue stems from the changes made in the commit 70b0d6b0a199, which adjusted the client’s behavior during shutdown, allowing it to terminate while the supplicant is still processing the request. To mitigate the risks, access to the request should be serialized using a mutex, ensuring that the request cannot be freed while still in use by the supplicant. This adjustment effectively eliminates the race condition that could be exploited by attackers.

Affected Version(s)

Linux 0180cf0373f84fff61b16f8c062553a13dd7cfca < 416259cb5bffecaaae5f76539deb535a8c1b2c34

Linux c0a9a948159153be145f9471435695373904ee6d < 724d0caffd4204b46f78efe22f18f8338031c6e1

Linux ec18520f5edc20a00c34a8c9fdd6507c355e880f

References

https://git.kernel.org/stable/c/416259cb5bffecaaae5f76539...

https://git.kernel.org/stable/c/724d0caffd4204b46f78efe22...

https://git.kernel.org/stable/c/ae847ab29ded2d7cece4d5970...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53273 Data

JSON