A vulnerability classified as critical has been found in Linux Kernel up to 6.12.93/6.18.35/7.0.12 . This vulnerability affects the function z_erofs_decompress_kickoff of the component erofs . Performing a manipulation of the argument sync_decompress results in use after free. This vulnerability is reported as CVE-2026-53272 . The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.