Description
In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs.
Affected products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to <fc0089f82c3e36060c2c79156bc2018bfb16b56b; 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to <5d4f3d0f64f1016cb78b400a70b67df91fac99b5; 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to <c494a11da45ad7ec9b0ff216c3e3ace351193bb6; 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to <3afca89fae501dbd7421e1777b5b8f033b1d98d0; 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to <5c209299b0113e289e238fa5f2e8f00c59f76060; 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to <82f6dcea46cf5de65c4ba7283f7c7b34de4a324d; 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to <240c71a2aea36a1a4210f911a1c32ea88777e8e4; 8ea4484d0c2bb4e2152261943fa1a3522654b1c7 to <88ebadbf0deefdaccdab868b44ff70a0a257f473 |
| Linux | Linux | 4.4; 0 to <4.4; 5.10.258 to <=5.10.*; 5.15.209 to <=5.15.*; 6.1.175 to <=6.1.*; 6.6.141 to <=6.6.*; 6.12.91 to <=6.12.*; 6.18.33 to <=6.18.*; 7.0.10 to <=7.0.*; 7.1 to <=* |
References
- https://git.kernel.org/stable/c/fc0089f82c3e36060c2c79156bc2018bfb16b56b
- https://git.kernel.org/stable/c/5d4f3d0f64f1016cb78b400a70b67df91fac99b5
- https://git.kernel.org/stable/c/c494a11da45ad7ec9b0ff216c3e3ace351193bb6
- https://git.kernel.org/stable/c/3afca89fae501dbd7421e1777b5b8f033b1d98d0
- https://git.kernel.org/stable/c/5c209299b0113e289e238fa5f2e8f00c59f76060
- https://git.kernel.org/stable/c/82f6dcea46cf5de65c4ba7283f7c7b34de4a324d
- https://git.kernel.org/stable/c/240c71a2aea36a1a4210f911a1c32ea88777e8e4
- https://git.kernel.org/stable/c/88ebadbf0deefdaccdab868b44ff70a0a257f473
Generated from the official CVE List on 27 Jun 2026 07:02 UTC.