misc: fastrpc: fix use-after-free race in fastrpc_map_create (CVE-2026-53160)

CVSS score: 7.8 / 10 (HIGH)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: fix use-after-free race in fastrpc_map_create

fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The
caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero)
on this unprotected pointer. A concurrent MEM_UNMAP can free the map
between the lock release and the kref operation, resulting in a
use-after-free on the freed slab object.

Restore the take_ref parameter to fastrpc_map_lookup so the reference
is acquired atomically under fl->lock before the pointer is exposed to
the caller.
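
The locking pattern described above, as an added userspace model in C. It is not the kernel patch or the driver's code. Every name in it (`struct map`, `struct user`, `map_get`, `map_put`, `map_lookup`, `map_unmap`, `replay`) is hypothetical: a pthread mutex stands in for `fl->lock`, an atomic counter for the kref, and a `freed` flag replaces the real free so the interleaving can be replayed safely.

```c
#include <pthread.h>
#include <stdatomic.h>

/* Constructed userspace model: names are illustrative, not the driver's. */
struct map { int fd; atomic_int refs; int freed; struct map *next; };
struct user { pthread_mutex_t lock; struct map *maps; };

/* Analogue of kref_get_unless_zero(): refuses once the count hit zero. */
static int map_get(struct map *m) {
    int r = atomic_load(&m->refs);
    while (r != 0)
        if (atomic_compare_exchange_weak(&m->refs, &r, r + 1)) return 1;
    return 0;
}
/* Last put "frees" the map; the kernel would release the slab object here. */
static void map_put(struct map *m) {
    if (atomic_fetch_sub(&m->refs, 1) == 1) m->freed = 1;
}
/* take_ref=1 pins the map before the lock is dropped; 0 returns it raw. */
static struct map *map_lookup(struct user *u, int fd, int take_ref) {
    struct map *m, *found = NULL;
    pthread_mutex_lock(&u->lock);
    for (m = u->maps; m; m = m->next)
        if (m->fd == fd && (!take_ref || map_get(m))) { found = m; break; }
    pthread_mutex_unlock(&u->lock);
    return found;
}
/* Unmap path: unlink under the lock, then drop the list's reference. */
static int map_unmap(struct user *u, int fd) {
    struct map **pp, *m = NULL;
    pthread_mutex_lock(&u->lock);
    for (pp = &u->maps; *pp; pp = &(*pp)->next)
        if ((*pp)->fd == fd) { m = *pp; *pp = m->next; break; }
    pthread_mutex_unlock(&u->lock);
    if (m) map_put(m);
    return m ? 0 : -1;
}
/* Replays lookup, then a concurrent unmap, then the caller touching the map.
 * Returns 1 if the map was already released when the caller reached it. */
int replay(int take_ref) {
    struct map m = { .fd = 3, .refs = 1 };  /* stack object, never really freed */
    struct user u = { PTHREAD_MUTEX_INITIALIZER, &m };
    struct map *p = map_lookup(&u, 3, take_ref);
    map_unmap(&u, 3);
    int stale = p->freed;
    if (take_ref) map_put(p);
    return stale;
}
```

`replay(0)` models the raw-pointer lookup and reports the map as already released when the caller reaches it; `replay(1)` models the reference taken under the lock, where the map stays live until the caller's own put.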

Basic Information

ID: CVE-2026-53160
Source: Linux
Published: Jun 25, 2026 at 08:38
Modified: Jun 28, 2026 at 06:39

Affected Product

Vendor: Linux
Product: Linux
Version: 0b70ec82b309a4093106ff399da1911ad23b52d3
Affected Versions: Linux Linux 0b70ec82b309a4093106ff399da1911ad23b52d3
Linux Linux d7513b47082c08105e837b06cebeb3f07a5fa56f
Linux Linux 802359a52676176b18713e33caa17572ad009057
Linux Linux 10df039834f84a297c72ec962c0f9b7c8c5ca31a
Linux Linux f3f59bab68e9bc714f757ab22f3fb36153014043
Linux Linux 6.1.156
Linux Linux 6.6.112
Linux Linux 6.12.53
Linux Linux 6.17.3
Linux Linux 6.18
