-

CVE-2026-53118

vdpa: use generic driver_override infrastructure

In the Linux kernel, the following vulnerability has been resolved:

vdpa: use generic driver_override infrastructure

When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.

Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.

Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 539fec78edb4e084e7c532affc56cc42d4ceea4b
Version < 654ef9c33e138ede6734ac286282df9faf83cd11
Status affected
Version 539fec78edb4e084e7c532affc56cc42d4ceea4b
Version < fb5cb4913ce333cc4647722e8c2b8378e12f2464
Status affected
Version 539fec78edb4e084e7c532affc56cc42d4ceea4b
Version < 85bb534ff12aab6916058897b39c748940a7a4c6
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.17
Status affected
Version 0
Version < 5.17
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/654ef9c33e138ede6734ac286282df9faf83cd11
https://git.kernel.org/stable/c/fb5cb4913ce333cc4647722e8c2b8378e12f2464
https://git.kernel.org/stable/c/85bb534ff12aab6916058897b39c748940a7a4c6