CVE-2026-53278

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/06/2026
Last modified:
30/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arm_mpam: Check whether the config array is allocated before destroying it<br /> <br /> __destroy_component_cfg() is called to free the configuration array.<br /> It uses the embedded &amp;#39;garbage&amp;#39; structure, which means the array has<br /> to be allocated.<br /> <br /> If __destroy_component_cfg() is called from mpam_disable() before the<br /> configuration was ever allocated, then a NULL pointer is dereferenced.<br /> <br /> Check for this case and return early if the configuration is not<br /> allocated.<br /> <br /> __destroy_component_cfg() also frees the mbwu_state as this is allocated<br /> by __allocate_component_cfg(). As the mbwu_state is allocated after<br /> comp-&gt;cfg is set, and is also under mpam_list_lock, only the first<br /> pointer needs checking.

Impact