Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53278— arm_mpam: Check whether the config array is allocated before destroying it

AI Predicted 3.3 Difficulty: Moderate EPSS 0.11% · P1

Possible ATT&CK Techniques 1AI

T1211 · Exploitation for Stealth

Affected Version Matrix 6

VendorProductVersion RangeStatus
LinuxLinux3bd04fe7d807bbdcfe75b29ca82fae4e2d7dc524< 8eb6dc76eeae5302c0d885906a0e469ef9630a59affected
3bd04fe7d807bbdcfe75b29ca82fae4e2d7dc524< 6ccbb613b42a1f1ba7bfd547a148f644a902a25caffected
6.19affected
< 6.19unaffected
7.0.10≤ 7.0.*unaffected
7.1≤ *unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53278

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
arm_mpam: Check whether the config array is allocated before destroying it
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the config array is allocated before destroying it __destroy_component_cfg() is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If __destroy_component_cfg() is called from mpam_disable() before the configuration was ever allocated, then a NULL pointer is dereferenced. Check for this case and return early if the configuration is not allocated. __destroy_component_cfg() also frees the mbwu_state as this is allocated by __allocate_component_cfg(). As the mbwu_state is allocated after comp->cfg is set, and is also under mpam_list_lock, only the first pointer needs checking.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会开源的操作系统Linux所使用的内核。 Linux kernel 6.19版本存在安全漏洞,该漏洞源于arm_mpam驱动中未检查配置数组是否已分配,可能导致空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 3bd04fe7d807bbdcfe75b29ca82fae4e2d7dc524 ~ 8eb6dc76eeae5302c0d885906a0e469ef9630a59 -
LinuxLinux 6.19 -

II. Public POCs for CVE-2026-53278

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53278

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53278 (1)

Same Patch Batch · Linux · 2026-06-26 · 47 CVEs total

CVE-2026-533099.8 CRITICALocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
CVE-2026-533228.8 HIGHvfio/pci: Clean up DMABUFs before disabling function
CVE-2026-532818.8 HIGHiommu/vt-d: Avoid NULL pointer dereference or refcount corruption
CVE-2026-533007.8 HIGHnet: enetc: fix NTMP DMA use-after-free issue
CVE-2026-532907.8 HIGHdrm/xe/eustall: Fix drm_dev_put called before stream disable in close
CVE-2026-532847.5 HIGHbtrfs: only release the dirty pages io tree after successful writes
CVE-2026-53279drm/gma500/oaktrail_lvds: fix hang on init failure
CVE-2026-53288arm64: Reserve an extra page for early kernel mapping
CVE-2026-53285drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED
CVE-2026-53282x86/kexec: Push kjump return address even for non-kjump kexec
CVE-2026-53283iommu/amd: Bounds-check devid in __rlookup_amd_iommu()
CVE-2026-53280iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()
CVE-2026-53291ALSA: hda/conexant: Fix missing error check for jack detection
CVE-2026-53293drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
CVE-2026-53294mailbox: mailbox-test: don't free the reused channel
CVE-2026-53295mailbox: add sanity check for channel array
CVE-2026-53296mailbox: mailbox-test: free channels on probe error
CVE-2026-53297net: mana: Guard mana_remove against double invocation
CVE-2026-53298net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()
CVE-2026-53299net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()

Showing top 20 of 47 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53278

No comments yet


Leave a comment