CVE-2026-53160 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on this unprotected pointer. A concurrent MEM_UNMAP can free the map between the lock release and the kref operation, resulting in a use-after-free on the freed slab object. Restore the take_ref parameter to fastrpc_map_lookup so the reference is acquired atomically under fl->lock before the pointer is exposed to the caller.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://git.kernel.org/stable/c/07ebe87915d8accdaba20c4f88c5ae430fe62fbb
https://git.kernel.org/stable/c/0a3b87293fbd34fda651e6aead9964f84b893962
https://git.kernel.org/stable/c/5b0166112019d1dce30b976ab28fd67f7f0be532
https://git.kernel.org/stable/c/8b080c89183196fd3e49212f2a1a1c4a29335b9c
https://git.kernel.org/stable/c/992f121796b7ca83a5a8b93da24e971363206218
https://git.kernel.org/stable/c/f20f6512ecb75c816e0debf4551a138f098615c4

History

Thu, 25 Jun 2026 11:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on this unprotected pointer. A concurrent MEM_UNMAP can free the map between the lock release and the kref operation, resulting in a use-after-free on the freed slab object. Restore the take_ref parameter to fastrpc_map_lookup so the reference is acquired atomically under fl->lock before the pointer is exposed to the caller.
Title		misc: fastrpc: fix use-after-free race in fastrpc_map_create
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/07ebe87915d8accdaba20c4f88c5ae430fe62fbb https://git.kernel.org/stable/c/0a3b87293fbd34fda651e6aead9964f84b893962 https://git.kernel.org/stable/c/5b0166112019d1dce30b976ab28fd67f7f0be532 https://git.kernel.org/stable/c/8b080c89183196fd3e49212f2a1a1c4a29335b9c https://git.kernel.org/stable/c/992f121796b7ca83a5a8b93da24e971363206218 https://git.kernel.org/stable/c/f20f6512ecb75c816e0debf4551a138f098615c4

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:38:42.138Z

Updated: 2026-06-25T08:38:42.138Z

Reserved: 2026-06-09T07:44:35.388Z

Link: CVE-2026-53160

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T10:45:16Z

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object