CVE-2026-53297
In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL and gd->driver_data = NULL. However, a failed resume callback does not automatically unbind the driver. When the device is eventually unbound, mana_remove() is invoked a second time. Without a NULL check, it dereferences gc->dev with gc == NULL, causing a kernel panic. Add an early return if gdma_context or driver_data is NULL so the second invocation is harmless. Move the dev = gc->dev assignment after the guard so it cannot dereference NULL.
Affected versions
Linux kernel versions
5.16
and later are affected. Fixed in
6.18.33,
7.0.10,
7.1
and their respective stable series.
References
3 totalFrequently asked questions
-
What is CVE-2026-53297?
CVE-2026-53297 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.16 onward and has been patched in 6.18.33, 7.0.10 and 7.1. CVE-2026-53297 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53297?
Yes — CVE-2026-53297 has been patched. Fixed versions include 6.18.33, 7.0.10 and 7.1. If you are running Linux kernel 5.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53297 actively exploited?
No — CVE-2026-53297 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.