CVE-2026-53278
arm_mpam: Check whether the config array is allocated before destroying it
Description
In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the config array is allocated before destroying it __destroy_component_cfg() is called to free the configuration array. It uses the embedded 'garbage' structure, which means the array has to be allocated. If __destroy_component_cfg() is called from mpam_disable() before the configuration was ever allocated, then a NULL pointer is dereferenced. Check for this case and return early if the configuration is not allocated. __destroy_component_cfg() also frees the mbwu_state as this is allocated by __allocate_component_cfg(). As the mbwu_state is allocated after comp->cfg is set, and is also under mpam_list_lock, only the first pointer needs checking.
INFO
Published Date :
June 26, 2026, 7:40 p.m.
Last Modified :
June 26, 2026, 7:40 p.m.
Remotely Exploit :
No
Source :
Linux
Affected Products
The following products are affected by CVE-2026-53278
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Ensure arm_mpam config array is allocated before destruction.
- Check for allocation status before freeing resources.
- Apply kernel patches to fix the NULL pointer dereference.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-53278 vulnerability anywhere in the article.