CVE-2026-53118 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/654ef9c33e138ede6734ac286282df9faf83cd11
https://git.kernel.org/stable/c/85bb534ff12aab6916058897b39c748940a7a4c6
https://git.kernel.org/stable/c/fb5cb4913ce333cc4647722e8c2b8378e12f2464

History

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is called without the device lock held, thus accessing the driver_override field without a lock, which can cause a UAF. Fix this by using the driver-core driver_override infrastructure taking care of proper locking internally. Note that calling match() from __driver_attach() without the device lock held is intentional. [1]
Title		vdpa: use generic driver_override infrastructure
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/654ef9c33e138ede6734ac286282df9faf83cd11 https://git.kernel.org/stable/c/85bb534ff12aab6916058897b39c748940a7a4c6 https://git.kernel.org/stable/c/fb5cb4913ce333cc4647722e8c2b8378e12f2464

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:30:49.308Z

Updated: 2026-06-24T16:30:49.308Z

Reserved: 2026-06-09T07:44:35.385Z

Link: CVE-2026-53118

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53118", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.385Z", "datePublished": "2026-06-24T16:30:49.308Z", "dateUpdated": "2026-06-24T16:30:49.308Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:30:49.308Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: use generic driver_override infrastructure\n\nWhen a driver is probed through __driver_attach(), the bus' match()\ncallback is called without the device lock held, thus accessing the\ndriver_override field without a lock, which can cause a UAF.\n\nFix this by using the driver-core driver_override infrastructure taking\ncare of proper locking internally.\n\nNote that calling match() from __driver_attach() without the device lock\nheld is intentional. [1]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/vdpa.c", "include/linux/vdpa.h"], "versions": [{"version": "539fec78edb4e084e7c532affc56cc42d4ceea4b", "lessThan": "654ef9c33e138ede6734ac286282df9faf83cd11", "status": "affected", "versionType": "git"}, {"version": "539fec78edb4e084e7c532affc56cc42d4ceea4b", "lessThan": "fb5cb4913ce333cc4647722e8c2b8378e12f2464", "status": "affected", "versionType": "git"}, {"version": "539fec78edb4e084e7c532affc56cc42d4ceea4b", "lessThan": "85bb534ff12aab6916058897b39c748940a7a4c6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/vdpa.c", "include/linux/vdpa.h"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/654ef9c33e138ede6734ac286282df9faf83cd11"}, {"url": "https://git.kernel.org/stable/c/fb5cb4913ce333cc4647722e8c2b8378e12f2464"}, {"url": "https://git.kernel.org/stable/c/85bb534ff12aab6916058897b39c748940a7a4c6"}], "title": "vdpa: use generic driver_override infrastructure", "x_generator": {"engine": "bippy-1.2.0"}}}}