CVE-2026-53294 PUBLISHED

mailbox: mailbox-test: don't free the reused channel

Assigner: Linux
Reserved: 09.06.2026 Published: 26.06.2026 Updated: 26.06.2026

In the Linux kernel, the following vulnerability has been resolved:

mailbox: mailbox-test: don't free the reused channel

The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to fc0089f82c3e36060c2c79156bc2018bfb16b56b (excl.)
  • affected from 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to 5d4f3d0f64f1016cb78b400a70b67df91fac99b5 (excl.)
  • affected from 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to c494a11da45ad7ec9b0ff216c3e3ace351193bb6 (excl.)
  • affected from 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to 3afca89fae501dbd7421e1777b5b8f033b1d98d0 (excl.)
  • affected from 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to 5c209299b0113e289e238fa5f2e8f00c59f76060 (excl.)
  • affected from 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to 82f6dcea46cf5de65c4ba7283f7c7b34de4a324d (excl.)
  • affected from 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to 240c71a2aea36a1a4210f911a1c32ea88777e8e4 (excl.)
  • affected from 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to 88ebadbf0deefdaccdab868b44ff70a0a257f473 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 4.4 is affected
  • unaffected from 0 to 4.4 (excl.)
  • unaffected from 5.10.258 to 5.10.* (incl.)
  • unaffected from 5.15.209 to 5.15.* (incl.)
  • unaffected from 6.1.175 to 6.1.* (incl.)
  • unaffected from 6.6.141 to 6.6.* (incl.)
  • unaffected from 6.12.91 to 6.12.* (incl.)
  • unaffected from 6.18.33 to 6.18.* (incl.)
  • unaffected from 7.0.10 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)

References