CVE-2026-53160
Received Received - Intake
Use-After-Free in Linux Kernel FastRPC Module

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in fastrpc_map_create fastrpc_map_lookup returns a raw pointer after releasing fl->lock. The caller fastrpc_map_create then calls fastrpc_map_get (kref_get_unless_zero) on this unprotected pointer. A concurrent MEM_UNMAP can free the map between the lock release and the kref operation, resulting in a use-after-free on the freed slab object. Restore the take_ref parameter to fastrpc_map_lookup so the reference is acquired atomically under fl->lock before the pointer is exposed to the caller.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-53160
EUVD
EUVD-2026-39251
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free race condition in the Linux kernel's fastrpc component, specifically in the fastrpc_map_create function.

The issue occurs because fastrpc_map_lookup returns a raw pointer after releasing a lock (fl->lock). Then, the caller function fastrpc_map_create calls fastrpc_map_get on this pointer without protection.

Meanwhile, a concurrent MEM_UNMAP operation can free the memory map between the lock release and the reference count operation, causing a use-after-free on the freed slab object.

The fix involves restoring the take_ref parameter to fastrpc_map_lookup so that the reference is acquired atomically while holding the lock, preventing the pointer from being freed concurrently.

Impact Analysis

This vulnerability can lead to a use-after-free condition, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges within the kernel.

Because it involves kernel memory management, exploitation could compromise the security and reliability of the affected system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53160. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart