CVE-2026-53120
- Source
- https://cve.org/CVERecord?id=CVE-2026-53120
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53120.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-53120
- Downstream
- Published
- 2026-06-24T16:30:50.592Z
- Modified
- 2026-06-25T04:05:21.144228372Z
- Summary
- PCI: use generic driver_override infrastructure
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
PCI: use generic driver_override infrastructure
When a driver is probed through __driverattach(), the bus' match() callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause a UAF.
Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally.
Note that calling match() from _driverattach() without the device lock held is intentional. [1]
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53120.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/10a4206a24013be4d558d476010cbf2eb4c9fa64
- https://git.kernel.org/stable/c/58a42be0d70307d765594fc581f5f5e5ef059712
- https://git.kernel.org/stable/c/c5b2c5755495507e14f310c2653c85de0a309b1f
- https://git.kernel.org/stable/c/dfe950d9464cad609f3b118c6203e2708055bc61
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53120.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-53120
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced782a985d7af26db39e86070d28f987cad21313c0Fixeddfe950d9464cad609f3b118c6203e2708055bc61Fixed58a42be0d70307d765594fc581f5f5e5ef059712Fixedc5b2c5755495507e14f310c2653c85de0a309b1fFixed10a4206a24013be4d558d476010cbf2eb4c9fa64