Use-After-Free Vulnerability in Linux Kernel Affecting Multicast Group Processing
CVE-2026-53275

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-53275?

The Linux kernel contains a use-after-free condition in its processing of Multicast Listener Discovery (MLD) queries. The kernel retrieves a pointer to the multicast group address during the initial packet parsing. If the socket buffer (skb) header is then reallocated and this pointer is not reloaded, the pointer still refers to the old header, and dereferencing it reads invalid memory, leading to potential exploitation. The recommended fix copies the multicast group address during the initial parse, so that no pointer into the old header is used after a reallocation. This vulnerability underscores the importance of careful memory management in kernel space.
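The stale-pointer pattern and the copy-based fix described above, as an added userspace C model (not the kernel patch and not code from the original advisory). `struct pkt`, `pkt_realloc_head` and `parse_query_safe` are hypothetical names, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ADDR_LEN 16   /* size of an IPv6 multicast group address */
/* Hypothetical userspace stand-in for a socket buffer's header area. */
struct pkt { unsigned char *head; size_t len; };

/* Models a header reallocation: data moves to a new allocation and the old
 * one is freed, so every pointer derived from the old head becomes stale. */
static int pkt_realloc_head(struct pkt *p, size_t new_len)
{
    unsigned char *n = new_len >= p->len ? calloc(1, new_len) : NULL;
    if (!n)
        return -1;
    memcpy(n, p->head, p->len);
    free(p->head);
    p->head = n;
    p->len = new_len;
    return 0;
}

/* Hardened pattern: copy the group address out during the initial parse and
 * use only the copy afterwards. Returns 0; *moved reports a changed head. */
int parse_query_safe(struct pkt *p, size_t off, unsigned char out[ADDR_LEN], int *moved)
{
    uintptr_t old_head = (uintptr_t)p->head;
    if (off > p->len || p->len - off < ADDR_LEN)
        return -1;                         /* bounds check before the copy */
    /* Vulnerable form: keep "p->head + off" and dereference it after the realloc. */
    memcpy(out, p->head + off, ADDR_LEN);
    if (pkt_realloc_head(p, p->len + 64) != 0)
        return -1;
    *moved = ((uintptr_t)p->head != old_head);
    return 0;                              /* 'out' is valid; old head is not */
}

int main(void)
{
    /* Constructed sample: 8 header bytes, then group address ff02::1. */
    unsigned char out[ADDR_LEN], want[ADDR_LEN] = { 0xff, 0x02, [15] = 0x01 };
    struct pkt p = { calloc(1, 24), 24 };
    int moved = 0, ok;
    if (!p.head) return 1;
    memcpy(p.head + 8, want, ADDR_LEN);
    ok = parse_query_safe(&p, 8, out, &moved) == 0 && moved && !memcmp(out, want, ADDR_LEN);
    free(p.head);
    return !ok;
}
```

In this model the head always moves, which makes the stale-pointer window deterministic; in real code the move is conditional, which is why the bug can go unnoticed in testing.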

Affected Version(s)

Linux 97300b5fdfe28c6edae926926f9467a27cf5889c < 1354271c89d0e5fbf8b3d94097ff0216695209c7

Linux 97300b5fdfe28c6edae926926f9467a27cf5889c < 53baa63a4183291574483f89583dbef13677a2c4

Linux 97300b5fdfe28c6edae926926f9467a27cf5889c < 2a613bf497029d555a7428406aa8cdb84a503cea

Timeline

  • Vulnerability published

  • Vulnerability Reserved
