Use-After-Free and Double Free Vulnerability in Linux Kernel Auxiliary Device Management
CVE-2026-53286
What is CVE-2026-53286?
A vulnerability in the Linux kernel's idpf driver can lead to a double free or a use-after-free during auxiliary device management. When auxiliary_device_add() fails inside idpf_plug_vport_aux_dev() or idpf_plug_core_aux_dev(), the error path does not clean up the partially initialized device correctly, so memory that has already been freed can be freed again or accessed afterwards. Because this happens during probe, an attacker could attempt to exploit the flawed error handling at that stage, with potentially critical consequences for systems that rely on the kernel's auxiliary device functionality.
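To make the error-path contract concrete, here is an added example in user-space C; it is not the idpf driver's code and not the patch for this CVE. It models the documented auxiliary-bus rule that once auxiliary_device_init() has succeeded the device is reference-counted and its release callback owns the free: if auxiliary_device_add() then fails, the caller must call auxiliary_device_uninit() and nothing else, because the last put runs release(). The mock_*, plug_* and tracked_* names are assumptions made for the illustration, and the quarantining allocator stands in for the detection a KASAN-enabled kernel would provide.

```c
/* Added example, not the idpf driver's code and not the CVE-2026-53286 patch: a
 * user-space model of the auxiliary-bus lifecycle contract. Every mock_*, plug_*
 * and tracked_* name is an assumption for this illustration. The allocator
 * quarantines freed memory and records a repeat free instead of performing it,
 * roughly as KASAN's quarantine lets a double free be reported at runtime. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SLOTS 8
enum { SLOT_EMPTY, SLOT_LIVE, SLOT_FREED };
static struct { void *p; int state; } slots[MAX_SLOTS];

struct outcome { int frees; int double_frees; };
static struct outcome model;   /* what the instrumented allocator observed */

static void *tracked_alloc(size_t n)
{
    for (int i = 0; i < MAX_SLOTS; i++) {
        if (slots[i].state != SLOT_EMPTY) continue;
        slots[i].p = calloc(1, n);
        if (slots[i].p) slots[i].state = SLOT_LIVE;
        return slots[i].p;
    }
    return NULL;
}

/* Freed memory stays allocated (quarantined), so a repeat free is only counted. */
static void tracked_free(void *p)
{
    for (int i = 0; i < MAX_SLOTS; i++) {
        if (slots[i].state == SLOT_EMPTY || slots[i].p != p) continue;
        if (slots[i].state == SLOT_LIVE) { slots[i].state = SLOT_FREED; model.frees++; }
        else model.double_frees++;   /* second free of the same object */
        return;
    }
}

static void model_reset(void)
{
    for (int i = 0; i < MAX_SLOTS; i++) { free(slots[i].p); slots[i].p = NULL; slots[i].state = SLOT_EMPTY; }
    memset(&model, 0, sizeof model);
}

/* Stand-in for struct auxiliary_device: a reference count plus the release
 * callback that runs when the last reference is dropped, as in the kernel. */
struct mock_aux_device {
    int refcount;
    void (*release)(struct mock_aux_device *);
};

/* Driver container embedding the device (first member, so &v->adev == v). */
struct mock_vport_aux {
    struct mock_aux_device adev;
    int vport_id;
};

/* release() is the one place the container is freed; it frees the whole object. */
static void vport_release(struct mock_aux_device *adev) { tracked_free(adev); }

/* Like auxiliary_device_init(): takes the initial reference on the device. */
static int mock_aux_init(struct mock_aux_device *adev, void (*release)(struct mock_aux_device *))
{
    if (!release) return -EINVAL;
    adev->refcount = 1;
    adev->release = release;
    return 0;
}
/* Like auxiliary_device_add(); fail_add simulates bus registration failing. */
static int mock_aux_add(struct mock_aux_device *adev, bool fail_add) { (void)adev; return fail_add ? -ENODEV : 0; }
/* Like auxiliary_device_uninit(): drops the init reference; the last put runs release(). */
static void mock_aux_uninit(struct mock_aux_device *adev) { if (--adev->refcount == 0) adev->release(adev); }

/* One plug attempt. With buggy_error_path, the add() failure branch frees the
 * container a second time after uninit() has already let release() free it. */
static int plug_vport(bool fail_add, bool buggy_error_path)
{
    struct mock_vport_aux *v = tracked_alloc(sizeof *v);
    if (!v) return -ENOMEM;
    int err = mock_aux_init(&v->adev, vport_release);
    if (err) { tracked_free(v); return err; }   /* init failed: caller still owns v */
    err = mock_aux_add(&v->adev, fail_add);
    if (err) {
        mock_aux_uninit(&v->adev);                /* correct: release() frees v */
        if (buggy_error_path) tracked_free(v);    /* wrong: v is already gone */
        return err;
    }
    mock_aux_uninit(&v->adev);   /* model's unplug: drop the last reference */
    return 0;
}

/* Runs one plug attempt on a fresh model and reports what the allocator saw. */
static struct outcome run_scenario(bool fail_add, bool buggy_error_path)
{
    model_reset();
    (void)plug_vport(fail_add, buggy_error_path);
    struct outcome out = model;
    model_reset();
    return out;
}
```

Read as a reviewer, the single question for any auxiliary-device error path is who frees the container. Once release() does, any further free or dereference after auxiliary_device_uninit() is exactly the double free or use-after-free described above; run_scenario(true, true) reports one free and one double free, while the correct error path and the success path each report a single free. On a test kernel, KASAN reports such a repeat free as soon as it happens, so exercising probe failure paths is a cheap way to catch this class before it ships.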
Affected Version(s)
Given as Linux git commit ranges, introducing commit < fixing commit (an entry without a second commit lists no fix):
Linux f4312e6bfa2a98e94dacc75f96f916b76bdf4259 < 722b91d5086a249318c9d0e2b36aeac80ba8c808
Linux f4312e6bfa2a98e94dacc75f96f916b76bdf4259 (no fixing commit listed)
Linux f4312e6bfa2a98e94dacc75f96f916b76bdf4259 < 6c77b9510829a424d1b74409b7db9456e3522871