CVE 7.8 HIGH

zram: fix use-after-free in zram_bvec_write_partial()_CVE-2026-53185

7.8 / 10
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

zram: fix use-after-free in zram_bvec_write_partial()

zram_read_page() picks the sync or async backing device read path based on
whether the parent bio is NULL. zram_bvec_write_partial() passes its
parent bio down, so for ZRAM_WB slots the read is dispatched
asynchronously and zram_read_page() returns 0 while the bio is still in
flight. The caller then runs memcpy_from_bvec(), zram_write_page() and
__free_page() on the buffer, leaving the async read to write into a freed
page.

zram_bvec_read_partial() was switched to NULL in commit 4e3c87b9421d
("zram: fix synchronous reads") for the same reason; the write_partial
counterpart was missed.

Basic Information

ID CVE-2026-53185
Source Linux
Published Jun 25, 2026 at 08:38
Modified Jun 28, 2026 at 06:39

Affected Product

Vendor Linux
Product Linux
Version 8e654f8fbff52ac483fb69957222853d7e2fc588
Affected Versions Linux Linux 8e654f8fbff52ac483fb69957222853d7e2fc588
Linux Linux 8e654f8fbff52ac483fb69957222853d7e2fc588
Linux Linux 8e654f8fbff52ac483fb69957222853d7e2fc588
Linux Linux 8e654f8fbff52ac483fb69957222853d7e2fc588
Linux Linux 8e654f8fbff52ac483fb69957222853d7e2fc588
Linux Linux 4.14

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.