-
CVE-2026-53118
- EPSS 0.16%
- Veröffentlicht 24.06.2026 16:30:49
- Zuletzt bearbeitet 24.06.2026 17:17:26
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
vdpa: use generic driver_override infrastructure
In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
539fec78edb4e084e7c532affc56cc42d4ceea4b
Version <
654ef9c33e138ede6734ac286282df9faf83cd11
Status
affected
Version
539fec78edb4e084e7c532affc56cc42d4ceea4b
Version <
fb5cb4913ce333cc4647722e8c2b8378e12f2464
Status
affected
Version
539fec78edb4e084e7c532affc56cc42d4ceea4b
Version <
85bb534ff12aab6916058897b39c748940a7a4c6
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
5.17
Status
affected
Version
0
Version <
5.17
Status
unaffected
Version <=
6.18.*
Version
6.18.33
Status
unaffected
Version <=
7.0.*
Version
7.0.10
Status
unaffected
Version <=
*
Version
7.1
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.05 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|
https://git.kernel.org/stable/c/654ef9c33e138ede6734ac286282df9faf83cd11
https://git.kernel.org/stable/c/fb5cb4913ce333cc4647722e8c2b8378e12f2464
https://git.kernel.org/stable/c/85bb534ff12aab6916058897b39c748940a7a4c6