CVE-2026-53115
- Source
- https://cve.org/CVERecord?id=CVE-2026-53115
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53115.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-53115
- Downstream
- Published
- 2026-06-24T16:30:47.330Z
- Modified
- 2026-06-25T04:05:22.351192347Z
- Summary
- bus: fsl-mc: use generic driver_override infrastructure
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bus: fsl-mc: use generic driver_override infrastructure
When a driver is probed through __driverattach(), the bus' match() callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause a UAF.
Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally.
Note that calling match() from _driverattach() without the device lock held is intentional. [1]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53115.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/4911b836f35c034c36f102db4ecbe339b38e7d1d
- https://git.kernel.org/stable/c/60bfb563a399c4597dc80588a1109758a8908b97
- https://git.kernel.org/stable/c/6c8dfb0362732bf1e4829867a2a5239fedc592d0
- https://git.kernel.org/stable/c/8139ce66b52a4a5638bfb445b037c07d4abeb08e
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53115.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-53115
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1f86a00c1159fd77e66b1bd6ff1a183f4d46f34dFixed4911b836f35c034c36f102db4ecbe339b38e7d1dFixed8139ce66b52a4a5638bfb445b037c07d4abeb08eFixed60bfb563a399c4597dc80588a1109758a8908b97Fixed6c8dfb0362732bf1e4829867a2a5239fedc592d0