CVE-2026-53227
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible kfree_skb of ERR_PTR After the patch in
CVSS
5.5
Medio
EPSS
0.1%
p3
KEV
—
Exploit Today
1
0-100
Publicado: 25 jun 2026 · Última mod.: 2 jul 2026 · CWE-401
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible kfree_skb of ERR_PTR After the patch in the "Fixes" tag, the allocation of the "reply" skb can happen either before or after locking the ovs_mutex. However, error cleanups still follow the classical reversed order, assuming "reply" is allocated before locking: it is freed after unlocking. If "reply" allocation happens after locking the mutex and it fails, "reply" is left with an ERR_PTR, and execution jumps to the correspondent cleanup stage which will try to free an invalid pointer. Fix this by setting the pointer to NULL after having saved its error value.
- git.kernel.orghttps://git.kernel.org/stable/c/0bb5b2dc1b90aa7dd1473fc8c4d813a29255ff8d
- git.kernel.orghttps://git.kernel.org/stable/c/25fdf53698535fe8790237f5a8a9626791429785
- git.kernel.orghttps://git.kernel.org/stable/c/895d1dd9057cde1687fa0f4286d47ceed0b82997
- git.kernel.orghttps://git.kernel.org/stable/c/971b1b37774f13acc5add0a2843f8598446b8598
- git.kernel.orghttps://git.kernel.org/stable/c/e248fb2e680deb2bd37bac551b72638fe4938a76
- git.kernel.orghttps://git.kernel.org/stable/c/e3d509a1b71396e1452060dbf84a805fd1c3c549
- git.kernel.orghttps://git.kernel.org/stable/c/ecc55aad3390129a87106841f4b68bf3d70c9264
- git.kernel.orghttps://git.kernel.org/stable/c/ee30dd2909d8b98619f4341c70ec8dc8e155ab02