← All CVEs

CVE-2026-53278

N/A

Published 2026-06-26 · Last modified 2026-06-26

In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the config array is allocated before destroying it __destroy_component_cfg() is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If __destroy_component_cfg() is called from mpam_disable() before the configuration was ever allocated, then a NULL pointer is dereferenced. Check for this case and return early if the configuration is not allocated. __destroy_component_cfg() also frees the mbwu_state as this is allocated by __allocate_component_cfg(). As the mbwu_state is allocated after comp->cfg is set, and is also under mpam_list_lock, only the first pointer needs checking.

NO EXPLOITATION SIGNALS

No known exploitation, public exploit, or elevated probability at this time. Track for changes.

Exploitation likelihood

0.2%chance of exploitation in 30 days · 5th percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

CVSS · not scored

  • No impact metrics

Affected

Vendors Linux

Products Linux

Weakness (CWE)

Not classified.

CVSS vector

Not yet scored.

Sources: NVD · CVE.org · EPSS