CVE-2026-53227
Received Received - Intake
NULL Pointer Dereference in Linux Kernel Open vSwitch

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible kfree_skb of ERR_PTR After the patch in the "Fixes" tag, the allocation of the "reply" skb can happen either before or after locking the ovs_mutex. However, error cleanups still follow the classical reversed order, assuming "reply" is allocated before locking: it is freed after unlocking. If "reply" allocation happens after locking the mutex and it fails, "reply" is left with an ERR_PTR, and execution jumps to the correspondent cleanup stage which will try to free an invalid pointer. Fix this by setting the pointer to NULL after having saved its error value.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-53227
EUVD
EUVD-2026-39318
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's openvswitch networking component. It involves improper handling of an error pointer (ERR_PTR) during memory allocation for a network buffer (skb) called "reply." The allocation of "reply" can occur either before or after locking a mutex (ovs_mutex). However, the error cleanup code assumes "reply" was allocated before locking and frees it after unlocking. If allocation happens after locking and fails, "reply" holds an ERR_PTR, and the cleanup code attempts to free this invalid pointer, leading to potential memory corruption or crashes. The fix involves setting the pointer to NULL after saving its error value to prevent freeing an invalid pointer.

Impact Analysis

This vulnerability can lead to improper memory management in the Linux kernel's openvswitch component, potentially causing system instability, crashes, or memory corruption. Such issues could disrupt network functionality or lead to denial of service conditions on affected systems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53227. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart