CVE-2026-53278
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/06/2026
Last modified:
30/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
arm_mpam: Check whether the config array is allocated before destroying it<br />
<br />
__destroy_component_cfg() is called to free the configuration array.<br />
It uses the embedded &#39;garbage&#39; structure, which means the array has<br />
to be allocated.<br />
<br />
If __destroy_component_cfg() is called from mpam_disable() before the<br />
configuration was ever allocated, then a NULL pointer is dereferenced.<br />
<br />
Check for this case and return early if the configuration is not<br />
allocated.<br />
<br />
__destroy_component_cfg() also frees the mbwu_state as this is allocated<br />
by __allocate_component_cfg(). As the mbwu_state is allocated after<br />
comp->cfg is set, and is also under mpam_list_lock, only the first<br />
pointer needs checking.



