CVE-2026-53290
Received - Intake
Use-After-Free in Linux Kernel DRM/XE Driver

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/eustall: Fix drm_dev_put called before stream disable in close

In xe_eu_stall_stream_close(), drm_dev_put() is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures could be freed while the subsequent cleanup code still accesses them, leading to a use-after-free.

Fix this by moving drm_dev_put() after all device accesses are complete. This matches the ordering in xe_oa_release().

(cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-27
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's drm/xe/eustall component. In xe_eu_stall_stream_close(), drm_dev_put() is called before the stream is disabled and its resources are freed. If that call drops the last reference to the device, the device structures could be freed while the subsequent cleanup code still accesses them. The result is a use-after-free, a memory error in which code accesses memory that has already been freed.

The fix involved reordering the calls so that drm_dev_put() is called only after all device accesses are complete, preventing the use-after-free scenario.
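
The ordering problem can be seen in a small user-space model, added here as an illustration and not taken from the kernel source. The names toy_dev, toy_stream, dev_put, stream_disable and the two close functions are hypothetical stand-ins, and "freeing" the device only clears a flag so that a late access can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy user-space model; every name is hypothetical. "Freeing" only clears a
 * flag, so a late access is counted instead of touching freed memory. */
struct toy_dev { int refs; bool alive; int stale_accesses; };
struct toy_stream { struct toy_dev *dev; bool enabled; };

static void dev_put(struct toy_dev *d)
{
    if (--d->refs == 0)
        d->alive = false;           /* stands in for the final free */
}

static void stream_disable(struct toy_stream *s)
{
    if (!s->dev->alive)             /* cleanup still dereferences the device */
        s->dev->stale_accesses++;   /* a use-after-free in a real driver */
    s->enabled = false;
}

/* Ordering the description calls buggy: put before cleanup. */
static void close_put_first(struct toy_stream *s)
{
    dev_put(s->dev);
    stream_disable(s);
}

/* Ordering of the fix: put only after all device accesses. */
static void close_put_last(struct toy_stream *s)
{
    stream_disable(s);
    dev_put(s->dev);
}

/* Close a stream while `refs` references exist; return stale accesses. */
static int run_close(void (*close_fn)(struct toy_stream *), int refs)
{
    struct toy_dev dev = { .refs = refs, .alive = true };
    struct toy_stream s = { .dev = &dev, .enabled = true };
    close_fn(&s);
    return dev.stale_accesses;
}

int main(void)
{
    printf("put first, last ref:   %d\n", run_close(close_put_first, 1));
    printf("put first, other refs: %d\n", run_close(close_put_first, 2));
    printf("put last,  last ref:   %d\n", run_close(close_put_last, 1));
}
```

The stale access appears only when the early put drops the last reference, which is why the bug depends on no other holder keeping the device alive.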

Impact Analysis

This vulnerability can lead to a use-after-free condition in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges. Such issues can compromise system security and reliability.
