CVE-2026-53261

devlink relation state is normally released from devlunregister(), which calls devlinkrelput(). This misses devlink instances that get a nested relation before registration and then fail probe before devlregister() is reached.

That flow can happen for SFs. The child devlink gets linked to its parent before registration, then a later probe error calls devlinkfree() directly. Since the instance was never registered, devlunregister() is not called and devlink->rel is leaked.

Release any pending relation from devlinkfree() as well. The registered path is unchanged because devlunregister() already clears devlink->rel before devlink_free() runs.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53261.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c137743bce02b18c1537d4681aa515f7b80bf0a8

Fixed

a9137286884703113b1c9e6403bd6d7d97b14754

Fixed

927f96861f939c0b517d13ed27bf4fabbfc1cfb3

Fixed

11324d52b0c63f4f202b35793c6507a575e9a689

Fixed

3522b21fd7e1863d0734537737bd59f1b90d0190

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53261.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.94

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.36

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

7.0.13

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53261.json"