CVE-2026-53185

In the Linux kernel, the following vulnerability has been resolved:

zram: fix use-after-free in zram_bvec_write_partial()

zram_read_page() picks the sync or async backing device read path based on whether the parent bio is NULL. zram_bvec_write_partial() passes its parent bio down, so for ZRAM_WB slots the read is dispatched asynchronously and zram_read_page() returns 0 while the bio is still in flight. The caller then runs memcpy_from_bvec(), zram_write_page() and __free_page() on the buffer, leaving the async read to write into a freed page.

zram_bvec_read_partial() was switched to NULL in commit 4e3c87b9421d ("zram: fix synchronous reads") for the same reason; the write_partial counterpart was missed.
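
The ordering problem described above, as an added user-space model in C; it is not kernel code and not taken from the fix. Every name in it (`model_read_page`, `model_write_partial`, `page_buf`) is hypothetical, and a `freed` flag stands in for `__free_page()` so the model itself never touches freed memory.

```c
#include <stdio.h>
#include <string.h>
/* User-space model only: all names are hypothetical, not kernel APIs. */
struct page_buf { unsigned char data[8]; int freed; };

static struct page_buf *inflight;  /* destination of a queued async read */
static int stale_writes;           /* completions that found a freed buffer */

/* NULL parent -> synchronous read; non-NULL -> queue it and return 0 early. */
static int model_read_page(struct page_buf *dst, const void *parent)
{
    if (parent == NULL) {
        memset(dst->data, 0xAB, sizeof dst->data); /* data present on return */
        return 0;
    }
    inflight = dst;                /* still in flight when we return 0 */
    return 0;
}

/* The backing device finishing the queued read some time later. */
static void model_complete_io(void)
{
    if (inflight == NULL) return;
    if (inflight->freed)
        stale_writes++;            /* kernel equivalent: write into a freed page */
    else
        memset(inflight->data, 0xAB, sizeof inflight->data);
    inflight = NULL;
}

/* Caller pattern from the description: read, use the buffer, free, I/O lands. */
static int model_write_partial(const void *parent)
{
    struct page_buf buf = { {0}, 0 };
    stale_writes = 0;
    inflight = NULL;
    model_read_page(&buf, parent);
    buf.freed = 1;                 /* stands in for __free_page() */
    model_complete_io();
    return stale_writes;
}

int main(void)
{
    int bio = 0;                   /* constructed stand-in for a parent bio */
    printf("parent bio passed: %d stale write(s)\n", model_write_partial(&bio));
    printf("NULL parent:       %d stale write(s)\n", model_write_partial(NULL));
    return 0;
}
```

Passing a parent makes the completion land after the buffer is released; the NULL-parent call, which the description says zram_bvec_read_partial() already uses, finishes the read before the caller continues.
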
Configurations

No configuration.

History

30 Jun 2026, 03:20

Type: References
Values Added:
  • https://access.redhat.com/security/cve/CVE-2026-53185
  • https://bugzilla.redhat.com/show_bug.cgi?id=2492735
  • https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53185.json

Type: CWE
Values Added: CWE-364

28 Jun 2026, 08:16

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 7.8

25 Jun 2026, 09:16

Type: New CVE

Information

Published : 2026-06-25 09:16

Updated : 2026-06-30 14:44


NVD link : CVE-2026-53185

Mitre link : CVE-2026-53185

CVE.ORG link : CVE-2026-53185


Products Affected

No product.

CWE
CWE-364

Signal Handler Race Condition