CVE-2026-53117

When a driver is probed through __driverattach(), the bus' match() callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally.

Note that calling match() from _driverattach() without the device lock held is intentional. [1]

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53117.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ebc3d179150347f3b6d97d8f249378bb2218f95e

Fixed

c4295487124f461405e1ef64dfa8c4ab0cb7ebcf

Fixed

106d594711e97762788046c5bbb94f580abc4bf4

Fixed

2081957d8c323ffb58a10bc64837717ac5a042a1

Fixed

b660ba045b2b22cf3b4be72773de00cb48f47be5

Fixed

ac4d8bb6e2e13e8684a76ea48d13ebaaaf5c24c4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53117.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.3.0

Fixed

6.6.141

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.91

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.33

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

7.0.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53117.json"