CVE-2026-53129

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the fs/mbcache component. The mb cache destroy() function calls shrinker free() and frees cache entries and the cache itself without first canceling the pending c shrink work work item. If mb cache entry create() schedules c shrink work via schedule work() and the item remains pending or running during the execution of mb cache destroy(), the mb cache shrink worker() function will access the cache after its memory has been released. This condition is reachable by a privileged user with root or CAP SYS ADMIN permissions who can trigger the last put of a mounted ext2, ext4, or ocfs2 filesystem.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.