—

CVE-2026-53118EXPLOITEDPATCHED

linux · linux kernel

vdpa: use generic driver_override infrastructure

Description

A vulnerability classified as critical was found in Linux Kernel up to 6.18.32/7.0.9. This vulnerability affects the function __driver_attach of the component vdpa. The manipulation of the argument driver_override results in use after free.

Affected Products

Vendor	Product	Versions
linux	linux kernel	539fec78edb4e084e7c532affc56cc42d4ceea4b, 539fec78edb4e084e7c532affc56cc42d4ceea4b, 539fec78edb4e084e7c532affc56cc42d4ceea4b, 5.17, 6.18.33, 7.0.10, 7.1, 6.18.32, 7.0.9

References

Related News (3 articles)

Tier A

Microsoft MSRC2h ago

CVE-2026-53118 vdpa: use generic driver_override infrastructure

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-53118 | Linux Kernel up to 6.18.32/7.0.9 vdpa __driver_attach driver_override use after free

→ No new info (linked only)

Tier C

Linux Kernel CVEs3d ago

CVE-2026-53118: vdpa: use generic driver_override infrastructure

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

654ef9c33e138ede6734ac286282df9faf83cd11fb5cb4913ce333cc4647722e8c2b8378e12f246485bb534ff12aab6916058897b39c748940a7a4c606.18.337.0.107.1

CWECWE-416

PublishedJun 24, 2026

Last enriched3d agov3

Trending Score65

Source articles3

Independent3

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-31431EXPKEV

crypto: algif_aead - Revert to operating out-of-place

Trending: 111

HIGHCVE-2026-43284EXPKEV

xfrm: esp: avoid in-place decrypt on shared skb frags

Trending: 106

HIGHCVE-2026-43500EXPKEV

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Trending: 100

HIGHCVE-2026-46243EXP

smb: client: reject userspace cifs.spnego descriptions

Trending: 86

HIGHCVE-2026-46333EXP

ptrace: slightly saner 'get_dumpable()' logic

Trending: 70

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 24, 2026

Actively Exploited

Jun 24, 2026

Patch Available

Jun 24, 2026

Discovered by ZDM

Jun 24, 2026

Updated: description, affectedVersions

Jun 24, 2026

Updated: description, severity, affectedVersions, activelyExploited, cweIds

Jun 24, 2026

Version History

Last enriched 3d ago

v3Tier C3d ago

Updated description with critical vulnerability details, changed severity to CRITICAL, added affected versions 6.18.32 and 7.0.9, and noted that there is no exploit available.

descriptionseverityaffectedVersionsactivelyExploitedcweIds

via VulDB

v2Tier C3d ago

Added CVE-2026-53118 and updated affected versions to include 6.18.33, 7.0.10, and 7.1.

descriptionaffectedVersions

via Linux Kernel CVEs

v13d ago

Initial creation