CVE-2026-6424

Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system

Package Linux Kernel
Published 2026-07-16
Last modified 2026-07-16
Patch available
Yes

Weakness type

CWE-416

CVE-2026-6424 is a Use After Free vulnerability

What is Use After Free?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. Learn more on MITRE CWE

Affected versions

Linux kernel versions 13.1, 13.0, 12.2, 12.1, 12.0, 13.1, 13.0, 12.2, 12.1, 12.0 and later are affected. Fixed in 13.2.3.0, 13.2.53.0 and their respective stable series.

Affected from
≥ 13.1 ≥ 13.0 ≥ 12.2 ≥ 12.1 ≥ 12.0 ≥ 13.1 ≥ 13.0 ≥ 12.2 ≥ 12.1 ≥ 12.0
Fixed in
✓ 13.2.3.0 ✓ 13.2.53.0

Frequently asked questions

  • What is CVE-2026-6424?

    CVE-2026-6424 is a unscored severity Linux kernel vulnerability , classified as an Use After Free flaw (CWE-416) . It affects Linux kernel versions from 13.1 onward and has been patched in 13.2.3.0 and 13.2.53.0. CVE-2026-6424 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2026-6424?

    Yes — CVE-2026-6424 has been patched. Fixed versions include 13.2.3.0 and 13.2.53.0. If you are running Linux kernel 13.1 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2026-6424 actively exploited?

    No — CVE-2026-6424 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.