CVE-2026-53157 PUBLISHED

net: phonet: free phonet_device after RCU grace period

Assigner: Linux
Reserved: 09.06.2026 Published: 25.06.2026 Updated: 25.06.2026

In the Linux kernel, the following vulnerability has been resolved:

net: phonet: free phonet_device after RCU grace period

phonet_device_destroy() removes a phonet_device from the per-net device list with list_del_rcu(), but frees it immediately. RCU readers walking the same list can still hold a pointer to the object after it has been removed, leading to a slab-use-after-free.

Use kfree_rcu(), matching the lifetime rule already used by phonet_address_del() for the same object type.
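The lifetime rule described above, as an added userspace model (not the kernel's phonet code and not taken from the patch). All names are hypothetical, a `live` flag stands in for `kfree()` so nothing is really freed, and the grace period is simplified to "no reader remains".

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model with hypothetical names; not the kernel's phonet code.
 * Setting live = false stands in for kfree(), so nothing is really freed. */
struct dev_entry { bool live; struct dev_entry *next, *gc_next; };
static struct dev_entry slot, *head, *deferred;  /* sample object, list, free queue */
static int readers;                              /* open read-side sections */

static void read_lock(void) { readers++; }
static void read_unlock(void)
{
    if (--readers > 0) return;
    for (; deferred; deferred = deferred->gc_next)  /* grace period is over */
        deferred->live = false;
}

static void list_unlink(struct dev_entry *e)     /* list_del_rcu() analogue */
{
    for (struct dev_entry **pp = &head; *pp; pp = &(*pp)->next)
        if (*pp == e) { *pp = e->next; return; }
}

/* Pre-fix pattern: unlink, then free at once. */
static void destroy_immediate(struct dev_entry *e) { list_unlink(e); e->live = false; }
/* Fixed pattern, kfree_rcu() analogue: unlink now, free after readers drain. */
static void destroy_deferred(struct dev_entry *e)
{
    list_unlink(e);
    if (readers == 0) { e->live = false; return; }
    e->gc_next = deferred; deferred = e;
}

/* A reader holds a pointer while the writer destroys the entry.
 * Returns true if the reader is left holding a freed object. */
static bool reader_sees_freed(void (*destroy)(struct dev_entry *))
{
    slot = (struct dev_entry){ .live = true };   /* constructed sample entry */
    head = &slot; deferred = NULL; readers = 0;
    read_lock();
    struct dev_entry *e = head;                  /* reader's pointer into the list */
    destroy(e);                                  /* writer runs mid-read */
    bool stale = !e->live;
    read_unlock();
    return stale;
}

int main(void)
{
    printf("%d %d\n", reader_sees_freed(destroy_immediate), reader_sees_freed(destroy_deferred));
    return 0;
}
```

In the model the deferred variant still unlinks the entry immediately, so new readers cannot find it; only the release of the memory waits for readers that already hold a pointer.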

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 to 52b8f5ef82c886f7cd24617915e4b1579ddfd001 (excl.)
  • affected from eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 to bff309ea51f1395c1ef8be8b75ce62d28a319113 (excl.)
  • affected from eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 to 71de0177b28da751f407581a4515cf4d762f6296 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 2.6.33 is affected
  • unaffected from 0 to 2.6.33 (excl.)
  • unaffected from 6.18.36 to 6.18.* (incl.)
  • unaffected from 7.0.13 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)
