Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-53290

Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
26/06/2026
Última modificación:
30/06/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/xe/eustall: Fix drm_dev_put called before stream disable in close<br /> <br /> In xe_eu_stall_stream_close(), drm_dev_put() is called before the<br /> stream is disabled and its resources are freed. If this drops the<br /> last reference, the device structures could be freed while the<br /> subsequent cleanup code still accesses them, leading to a<br /> use-after-free.<br /> <br /> Fix this by moving drm_dev_put() after all device accesses are<br /> complete. This matches the ordering in xe_oa_release().<br /> <br /> (cherry picked from commit 35aff528f7297e949e5e19c9cd7fd748cf1cf21c)