CVE-2026-53272 is a vulnerability in Linux Kernel
Published on June 25, 2026
erofs: fix use-after-free on sbi->sync_decompress
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix use-after-free on sbi->sync_decompress
z_erofs_decompress_kickoff() can race with filesystem unmount, causing
a use-after-free on sbi->sync_decompress.
When I/O completes, z_erofs_endio() calls z_erofs_decompress_kickoff()
to queue z_erofs_decompressqueue_work() asynchronously. Then, after all
folios are unlocked, unmount workflow can proceed and sbi will be freed
before accessing to sbi->sync_decompress.
Thread (unmount) I/O completion kworker
queue_work
z_erofs_decompressqueue_work
(all folios are unlocked)
cleanup_mnt
..
erofs_kill_sb
erofs_sb_free
kfree(sbi)
access sbi->sync_decompress // UAF!!
Products Associated with CVE-2026-53272
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 40452ffca3c1a0f2994e826f9fa213b107f1a2d4 and below 86ab00cf81d44b675bb23db62b88fd76c8ac8cea is affected.
- Version 40452ffca3c1a0f2994e826f9fa213b107f1a2d4 and below 00bf6868df65fa95b3854996246d15759fdc7070 is affected.
- Version 40452ffca3c1a0f2994e826f9fa213b107f1a2d4 and below 95caf60da33d87ed26c28993620f0d92487b0296 is affected.
- Version 40452ffca3c1a0f2994e826f9fa213b107f1a2d4 and below 1aee05e814d292064bf5fa15733741040cdc48ba is affected.
- Version 5.17 is affected.
- Before 5.17 is unaffected.
- Version 6.12.94, <= 6.12.* is unaffected.
- Version 6.18.36, <= 6.18.* is unaffected.
- Version 7.0.13, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.