CVE-2026-53116 | s390/ap: use generic driver_override infrastructure

In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driver_override infrastructure When the AP masks are updated via apmask_store() or aqmask_store(), ap_bus_revise_bindings() is called after ap_attr_mutex has been released. This calls __ap_revise_reserved(), which accesses the driver_override field without holding any lock, racing against a concurrent driver_override_store() that may free the old string, resulting in a potential UAF. Fix this by using the driver-core driver_override infrastructure, which protects all accesses with an internal spinlock. Note that unlike most other buses, the AP bus does not check driver_override in its match() callback; the override is checked in ap_device_probe() and __ap_revise_reserved() instead. Also note that we do not enable the driver_override feature of struct bus_type, as AP - in contrast to most other buses - passes "" to sysfs_emit() when the driver_override pointer is NULL. Thus, printing "\n" instead of "(null)\n". Additionally, AP has a custom counter that is modified in the corresponding custom driver_override_store().

Published: 2026-06-24 Last update: 2026-06-24 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD Status:ReceivedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2026-53116 is rated Risk Under Review. Scoring and exploitation signals are still pending—keep following this page for CVSS or EPSS updates, then reassess remediation priority once scores appear.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-53116

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

EPSS has not published a score for this CVE yet—common while NVD analysis or FIRST scoring is still pending. Monitor daily updates and reassess once scores appear.

Common vulnerability scoring system (CVSS) metrics for CVE-2026-53116

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2026-53116

GitHub Security Advisory for CVE-2026-53116

GHSA-r2jg-mcxg-628g · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic...

OS Trackers for CVE-2026-53116

vendor priority summary link
debian unimportant CVE-2026-53116 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2026-53116

Affected software / configurations for CVE-2026-53116

Vendor Product Version Raw CPE
linux linux_kernel >= 6.19, < 7.0.10 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 6.19, < 7.1 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References for CVE-2026-53116

cvelogic Threat Intelligence