CVE-2026-53156 PUBLISHED

nvmem: core: fix use-after-free bugs in error paths

Assigner: Linux
Reserved: 09.06.2026 Published: 25.06.2026 Updated: 25.06.2026

In the Linux kernel, the following vulnerability has been resolved:

nvmem: core: fix use-after-free bugs in error paths

Fix several instances of error paths in which we call __nvmem_device_put() - which may end up freeing the underlying memory and other resources - and then keep on using the nvmem structure. Always put the reference to the nvmem device as the last step before returning the error code.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from e888d445ac33a5b0288d670ecd970908b13f07cd to e0d38bf47a72da2f02c9fa6f752cd66d977cd7f7 (excl.) affected from e888d445ac33a5b0288d670ecd970908b13f07cd to cb85ef5a227b3662b88f4d849a1aad43bfe7f5ae (excl.) affected from e888d445ac33a5b0288d670ecd970908b13f07cd to 40e2a459c0dd1333b2343831480a0ad80dc07614 (excl.) affected from e888d445ac33a5b0288d670ecd970908b13f07cd to 5b6b6fc491899d583eaa75344e094796ae9b530b (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 4.20 is affected unaffected from 0 to 4.20 (excl.) unaffected from 6.12.94 to 6.12.* (incl.) unaffected from 6.18.36 to 6.18.* (incl.) unaffected from 7.0.13 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)

CVE-2026-53156 PUBLISHED

nvmem: core: fix use-after-free bugs in error paths

Product Status

References