CVE-2026-6424
Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system
Weakness type
CWE-416CVE-2026-6424 is a Use After Free vulnerability
What is Use After Free?
The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. Learn more on MITRE CWE
Affected versions
Linux kernel versions
13.1,
13.0,
12.2,
12.1,
12.0,
13.1,
13.0,
12.2,
12.1,
12.0
and later are affected. Fixed in
13.2.3.0,
13.2.53.0
and their respective stable series.
Frequently asked questions
-
What is CVE-2026-6424?
CVE-2026-6424 is a unscored severity Linux kernel vulnerability , classified as an Use After Free flaw (CWE-416) . It affects Linux kernel versions from 13.1 onward and has been patched in 13.2.3.0 and 13.2.53.0. CVE-2026-6424 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-6424?
Yes — CVE-2026-6424 has been patched. Fixed versions include 13.2.3.0 and 13.2.53.0. If you are running Linux kernel 13.1 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-6424 actively exploited?
No — CVE-2026-6424 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.