Double Invocation Vulnerability in Linux Kernel Affecting Device Management
CVE-2026-53297
Currently unrated
What is CVE-2026-53297?
A vulnerability in the Linux kernel related to the mana driver allows for a double invocation of the mana_remove function, which can cause kernel panic under certain conditions. If the device fails to resume and mana_attach() returns an error, the subsequent invocation of mana_remove() potentially dereferences a NULL pointer, resulting in system instability. The vulnerability has been addressed by ensuring that the function exits early if key context pointers are NULL, preventing such dereferencing and increasing the robustness of device management.
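The early-exit fix described above, modelled in userspace C as an added example (not the kernel's code or the patch itself). struct dev_ctx, struct port_ctx and the model_* functions are hypothetical stand-ins, and the teardown sequence is simplified to one context pointer.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for the driver's context objects (assumption). */
struct port_ctx { int queues; };
struct dev_ctx {
    struct port_ctx *port;  /* key context pointer, NULL once torn down */
    int teardowns;          /* times resources were actually released */
};

static int model_probe(struct dev_ctx *dc)
{
    dc->port = calloc(1, sizeof(*dc->port));
    if (!dc->port)
        return -1;
    dc->port->queues = 4;
    return 0;
}

/* Remove with the early exit: 0 = torn down now, 1 = nothing left to do. */
static int model_remove(struct dev_ctx *dc)
{
    if (!dc || !dc->port)
        return 1;           /* second invocation lands here */
    dc->port->queues = 0;   /* without the guard: NULL dereference on call 2 */
    free(dc->port);
    dc->port = NULL;        /* makes a repeated call detectable */
    dc->teardowns++;
    return 0;
}

/* Resume whose attach step fails with attach_err; the error path removes. */
static int model_resume(struct dev_ctx *dc, int attach_err)
{
    if (attach_err)
        model_remove(dc);   /* first invocation */
    return attach_err;
}

/* Failed resume followed by driver removal; returns 1 if handled safely. */
static int scenario_failed_resume(void)
{
    struct dev_ctx dc = {0};
    if (model_probe(&dc))
        return 0;
    int err = model_resume(&dc, -5);    /* constructed error value */
    int second = model_remove(&dc);     /* later removal: second invocation */
    return err == -5 && second == 1 && dc.teardowns == 1 && dc.port == NULL;
}
int main(void) { printf("safe: %d\n", scenario_failed_resume()); return 0; }
```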
Affected Version(s)
Linux 635096a86edb067d55a1e04b4a918f5c6dac0c51
Linux 635096a86edb067d55a1e04b4a918f5c6dac0c51 < 50271d7ec95144d26808025b508f463780517d3c