Use-After-Free Vulnerability in Linux Kernel Affecting Device Structures
CVE-2026-53290
What is CVE-2026-53290?
A vulnerability was identified in the Linux kernel in which drm_dev_put() was called too early in xe_eu_stall_stream_close(). This misordering could lead to a use-after-free in which device structures were accessed after being freed. The issue arises when the last reference to these device structures is dropped before the close path has finished cleaning up its resources, potentially leading to a crash or erratic behavior. The fix moved the drm_dev_put() call to after all device accesses have completed, so the device structures stay valid until cleanup is done.
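The ordering problem described above, as an added userspace model in C (not the xe driver's code and not the upstream patch). The struct, the helper names and the released flag are all hypothetical, and the release path sets a flag instead of freeing memory so that the stale access can be counted safely.

```c
#include <stdio.h>

/* Userspace model of a refcounted device; every name here is hypothetical. */
struct model_dev {
    int refcount;     /* references still held */
    int released;     /* set by the release path instead of calling free() */
    int stale_access; /* device accesses observed after release */
};

/* Drop one reference; the last put runs the release path. */
static void model_dev_put(struct model_dev *d)
{
    if (--d->refcount == 0)
        d->released = 1; /* a real release would free the structure here */
}

/* Stand-in for any device access made by close(); counts it if it is stale. */
static void model_dev_touch(struct model_dev *d)
{
    d->stale_access += d->released; /* nonzero only once the device is released */
}

/* Ordering the advisory describes as the bug: put, then device access. */
static void stream_close_early_put(struct model_dev *d)
{
    model_dev_put(d);
    model_dev_touch(d);
}

/* Ordering the advisory describes as the fix: device access, then put. */
static void stream_close_late_put(struct model_dev *d)
{
    model_dev_touch(d);
    model_dev_put(d);
}

/* Run one close() on a device with `refs` references; return stale accesses. */
static int run_close(void (*close_fn)(struct model_dev *), int refs)
{
    struct model_dev d = { refs, 0, 0 };
    close_fn(&d);
    return d.stale_access;
}

int main(void)
{
    printf("early put, last ref: %d\n", run_close(stream_close_early_put, 1));
    printf("late put,  last ref: %d\n", run_close(stream_close_late_put, 1));
    return 0;
}
```

In this model, calling run_close() with two references makes the early put go unnoticed, which matches the description: the ordering only misbehaves when close drops the last reference.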
Affected Version(s)
Linux 9a0b11d4cf3b4324378c322b7043962e648681ed
Linux 9a0b11d4cf3b4324378c322b7043962e648681ed < 84f2bfbe6e38f8b9815ca00826e53b7f51420402
Linux 9a0b11d4cf3b4324378c322b7043962e648681ed