CVE-2026-53156

EUVD-2026-39247
In the Linux kernel, the following vulnerability has been resolved:

nvmem: core: fix use-after-free bugs in error paths

Fix several instances of error paths in which we call
__nvmem_device_put() - which may end up freeing the underlying memory
and other resources - and then keep on using the nvmem structure. Always
put the reference to the nvmem device as the last step before returning
the error code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
7.0.13-1
fixed
trixie
vulnerable
trixie (security)
6.12.94-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/40e2a459c0dd1333b2343831480a0ad80dc07614
https://git.kernel.org/stable/c/5b6b6fc491899d583eaa75344e094796ae9b530b
https://git.kernel.org/stable/c/cb85ef5a227b3662b88f4d849a1aad43bfe7f5ae
https://git.kernel.org/stable/c/e0d38bf47a72da2f02c9fa6f752cd66d977cd7f7