CVE-2026-53272 | Linux Kernel up to 6.12.93/6.18.35/7.0.12 erofs z_erofs_decompress_kickoff sync_decompress use after free (EUVD-2026-39223)

Inserito da Angelo Barbosa | Giu 25, 2026 | CVE

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.93/6.18.35/7.0.12. This vulnerability affects the function z_erofs_decompress_kickoff of the component erofs. Performing a manipulation of the argument sync_decompress results in use after free.

This vulnerability is reported as CVE-2026-53272. The attacker must have access to the local network to execute the attack. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-53272 | Linux Kernel up to 6.12.93/6.18.35/7.0.12 erofs z_erofs_decompress_kickoff sync_decompress use after free (EUVD-2026-39223)

Post correlati

CVE-2025-1088 | Grafana up to 11.6.1 Dashboard denial of service

CVE-2026-25654 | Siemens SINEC NMS up to 4.0 SP2 Password Reset authorization (ssa-605717)

CVE-2023-40143 | Westermo Lynx 206-F2G 4.24 forward.0.domain cross site scripting (icsa-24-023-04)

CVE-2024-2602 | Schneider Electric FoxRTU Station prior 9.3.0 Project File path traversal (SEVD-2024-191-03)