Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0855
Vulnerability from certfr_avis - Published: 2026-07-09 - Updated: 2026-07-09
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure Linux | azl3 kernel 6.6.143.1-1 versions antérieures à 6.6.144.1-1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 kernel 6.6.143.1-1 versions ant\u00e9rieures \u00e0 6.6.144.1-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-53138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53138"
},
{
"name": "CVE-2026-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53163"
},
{
"name": "CVE-2026-53361",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53361"
},
{
"name": "CVE-2026-53362",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53362"
},
{
"name": "CVE-2026-53157",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53157"
},
{
"name": "CVE-2026-52909",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52909"
},
{
"name": "CVE-2026-53325",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53325"
},
{
"name": "CVE-2026-53151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53151"
},
{
"name": "CVE-2026-52928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52928"
}
],
"initial_release_date": "2026-07-09T00:00:00",
"last_revision_date": "2026-07-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0855",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux",
"vendor_advisories": [
{
"published_at": "2026-07-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-53361",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53361"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-53138",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53138"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-53325",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53325"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-52928",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52928"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-53157",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53157"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-53151",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53151"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-53163",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53163"
},
{
"published_at": "2026-07-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-53362",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53362"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure Linux CVE-2026-52909",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52909"
}
]
}
CVE-2026-52909 (GCVE-0-2026-52909)
Vulnerability from cvelistv5 – Published: 2026-06-19 14:43 – Updated: 2026-07-04 11:50
VLAI
EPSS
VEX
Title
ip6_vti: set netns_immutable on the fallback device.
Summary
In the Linux kernel, the following vulnerability has been resolved:
ip6_vti: set netns_immutable on the fallback device.
john1988 and Noam Rathaus reported that vti6_init_net() does not set the
netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).
Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)
correctly set this flag during their fallback device initialization to
prevent them from being moved to another network namespace.
Severity
7.8 (High)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
61220ab349485d911083d0b7990ccd3db6c63297 , < 12acc977838c943636fb01e2f3087d2e4cc3b7cc
(git)
Affected: 61220ab349485d911083d0b7990ccd3db6c63297 , < 7f28e3948c59481f8db9c9638e204258d26b4e41 (git) Affected: 61220ab349485d911083d0b7990ccd3db6c63297 , < 12c65e2c7fef507551bd7b52123598a761662c01 (git) Affected: 61220ab349485d911083d0b7990ccd3db6c63297 , < f4b6b4af7ef0661ac153c6f7eb1030aa8482c1a3 (git) Affected: 61220ab349485d911083d0b7990ccd3db6c63297 , < c5dbd669db5a426b3025512322e1bf2cdbe14305 (git) Affected: 61220ab349485d911083d0b7990ccd3db6c63297 , < ecf8904067dcba0dad86ece80874841e60317885 (git) Affected: 61220ab349485d911083d0b7990ccd3db6c63297 , < dcdce3bc9f08026ff3739ee7339e1bef526fc5f3 (git) Affected: 61220ab349485d911083d0b7990ccd3db6c63297 , < d289d5307762d1838aaece22c6b6fcad9e8865f9 (git) |
|
| Linux | Linux |
Affected:
3.15
Unaffected: 0 , < 3.15 (semver) Unaffected: 5.10.260 , ≤ 5.10.* (semver) Unaffected: 5.15.211 , ≤ 5.15.* (semver) Unaffected: 6.1.177 , ≤ 6.1.* (semver) Unaffected: 6.6.144 , ≤ 6.6.* (semver) Unaffected: 6.12.95 , ≤ 6.12.* (semver) Unaffected: 6.18.36 , ≤ 6.18.* (semver) Unaffected: 7.0.13 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_vti.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "12acc977838c943636fb01e2f3087d2e4cc3b7cc",
"status": "affected",
"version": "61220ab349485d911083d0b7990ccd3db6c63297",
"versionType": "git"
},
{
"lessThan": "7f28e3948c59481f8db9c9638e204258d26b4e41",
"status": "affected",
"version": "61220ab349485d911083d0b7990ccd3db6c63297",
"versionType": "git"
},
{
"lessThan": "12c65e2c7fef507551bd7b52123598a761662c01",
"status": "affected",
"version": "61220ab349485d911083d0b7990ccd3db6c63297",
"versionType": "git"
},
{
"lessThan": "f4b6b4af7ef0661ac153c6f7eb1030aa8482c1a3",
"status": "affected",
"version": "61220ab349485d911083d0b7990ccd3db6c63297",
"versionType": "git"
},
{
"lessThan": "c5dbd669db5a426b3025512322e1bf2cdbe14305",
"status": "affected",
"version": "61220ab349485d911083d0b7990ccd3db6c63297",
"versionType": "git"
},
{
"lessThan": "ecf8904067dcba0dad86ece80874841e60317885",
"status": "affected",
"version": "61220ab349485d911083d0b7990ccd3db6c63297",
"versionType": "git"
},
{
"lessThan": "dcdce3bc9f08026ff3739ee7339e1bef526fc5f3",
"status": "affected",
"version": "61220ab349485d911083d0b7990ccd3db6c63297",
"versionType": "git"
},
{
"lessThan": "d289d5307762d1838aaece22c6b6fcad9e8865f9",
"status": "affected",
"version": "61220ab349485d911083d0b7990ccd3db6c63297",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_vti.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.260",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.260",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.211",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.177",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.95",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.36",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.13",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: set netns_immutable on the fallback device.\n\njohn1988 and Noam Rathaus reported that vti6_init_net() does not set the\nnetns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).\n\nOther similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)\ncorrectly set this flag during their fallback device initialization to\nprevent them from being moved to another network namespace."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:50:46.147Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/12acc977838c943636fb01e2f3087d2e4cc3b7cc"
},
{
"url": "https://git.kernel.org/stable/c/7f28e3948c59481f8db9c9638e204258d26b4e41"
},
{
"url": "https://git.kernel.org/stable/c/12c65e2c7fef507551bd7b52123598a761662c01"
},
{
"url": "https://git.kernel.org/stable/c/f4b6b4af7ef0661ac153c6f7eb1030aa8482c1a3"
},
{
"url": "https://git.kernel.org/stable/c/c5dbd669db5a426b3025512322e1bf2cdbe14305"
},
{
"url": "https://git.kernel.org/stable/c/ecf8904067dcba0dad86ece80874841e60317885"
},
{
"url": "https://git.kernel.org/stable/c/dcdce3bc9f08026ff3739ee7339e1bef526fc5f3"
},
{
"url": "https://git.kernel.org/stable/c/d289d5307762d1838aaece22c6b6fcad9e8865f9"
}
],
"title": "ip6_vti: set netns_immutable on the fallback device.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-52909",
"datePublished": "2026-06-19T14:43:33.214Z",
"dateReserved": "2026-06-09T07:44:35.366Z",
"dateUpdated": "2026-07-04T11:50:46.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52928 (GCVE-0-2026-52928)
Vulnerability from cvelistv5 – Published: 2026-06-24 07:14 – Updated: 2026-07-04 11:50
VLAI
EPSS
VEX
Title
af_unix: Reject SIOCATMARK on non-stream sockets
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Reject SIOCATMARK on non-stream sockets
SIOCATMARK reports whether the receive queue is at the urgent mark for
MSG_OOB.
In AF_UNIX, MSG_OOB is supported only for SOCK_STREAM sockets.
SOCK_DGRAM and SOCK_SEQPACKET reject MSG_OOB in sendmsg() and recvmsg(),
so they should not support SIOCATMARK either.
Return -EOPNOTSUPP for non-stream sockets before checking the receive
queue.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
314001f0bf927015e459c9d387d62a231fe93af3 , < ec123873fdc83e7244c8ed6d17b8f8ea6c416a67
(git)
Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < f085971de6d6b8ef946a5e0bcd73ff24509a0f85 (git) Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < b741c9c6ef59f17c1f104ddf1217ef77f79ed29b (git) Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < 645b1ed3259af38b7814242a420bc2081bdd1eb6 (git) Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < c34c41446acf6c0d13b5b06c809be11e0f7f2729 (git) Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < 3147ddf5a41c20c45c2eb69e00b62f10f822056a (git) Affected: 314001f0bf927015e459c9d387d62a231fe93af3 , < d119775f2bad827edc28071c061fdd4a91f889a5 (git) |
|
| Linux | Linux |
Affected:
5.15
Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.211 , ≤ 5.15.* (semver) Unaffected: 6.1.177 , ≤ 6.1.* (semver) Unaffected: 6.6.144 , ≤ 6.6.* (semver) Unaffected: 6.12.88 , ≤ 6.12.* (semver) Unaffected: 6.18.30 , ≤ 6.18.* (semver) Unaffected: 7.0.7 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec123873fdc83e7244c8ed6d17b8f8ea6c416a67",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "f085971de6d6b8ef946a5e0bcd73ff24509a0f85",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "b741c9c6ef59f17c1f104ddf1217ef77f79ed29b",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "645b1ed3259af38b7814242a420bc2081bdd1eb6",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "c34c41446acf6c0d13b5b06c809be11e0f7f2729",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "3147ddf5a41c20c45c2eb69e00b62f10f822056a",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
},
{
"lessThan": "d119775f2bad827edc28071c061fdd4a91f889a5",
"status": "affected",
"version": "314001f0bf927015e459c9d387d62a231fe93af3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/af_unix.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.30",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.211",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.177",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.88",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.30",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Reject SIOCATMARK on non-stream sockets\n\nSIOCATMARK reports whether the receive queue is at the urgent mark for\nMSG_OOB.\n\nIn AF_UNIX, MSG_OOB is supported only for SOCK_STREAM sockets.\nSOCK_DGRAM and SOCK_SEQPACKET reject MSG_OOB in sendmsg() and recvmsg(),\nso they should not support SIOCATMARK either.\n\nReturn -EOPNOTSUPP for non-stream sockets before checking the receive\nqueue."
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:50:47.159Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec123873fdc83e7244c8ed6d17b8f8ea6c416a67"
},
{
"url": "https://git.kernel.org/stable/c/f085971de6d6b8ef946a5e0bcd73ff24509a0f85"
},
{
"url": "https://git.kernel.org/stable/c/b741c9c6ef59f17c1f104ddf1217ef77f79ed29b"
},
{
"url": "https://git.kernel.org/stable/c/645b1ed3259af38b7814242a420bc2081bdd1eb6"
},
{
"url": "https://git.kernel.org/stable/c/c34c41446acf6c0d13b5b06c809be11e0f7f2729"
},
{
"url": "https://git.kernel.org/stable/c/3147ddf5a41c20c45c2eb69e00b62f10f822056a"
},
{
"url": "https://git.kernel.org/stable/c/d119775f2bad827edc28071c061fdd4a91f889a5"
}
],
"title": "af_unix: Reject SIOCATMARK on non-stream sockets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-52928",
"datePublished": "2026-06-24T07:14:21.367Z",
"dateReserved": "2026-06-09T07:44:35.368Z",
"dateUpdated": "2026-07-04T11:50:47.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53138 (GCVE-0-2026-53138)
Vulnerability from cvelistv5 – Published: 2026-06-25 08:38 – Updated: 2026-07-04 11:50
VLAI
EPSS
VEX
Title
drm/amd/display: Bound VBIOS record-chain walk loops
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Bound VBIOS record-chain walk loops
[Why & How]
All record-chain walk loops in bios_parser.c and bios_parser2.c use
for(;;) and only terminate on a 0xFF record_type sentinel or zero
record_size. A malformed VBIOS image missing the terminator record
causes unbounded iteration at probe time, potentially hundreds of
thousands of iterations with record_size=1. In the final iterations
near the BIOS image boundary, struct casts beyond the 2-byte header
validated by GET_IMAGE can also read out of bounds.
Cap all 14 record-chain walk loops to BIOS_MAX_NUM_RECORD (256)
iterations. The atombios.h defines up to 22 distinct record types
and atomfirmware.h has 13. Assuming an average of less than 10
records per type (which is reasonable since most are connector-
based) 256 is a generous upper bound.
(cherry picked from commit 95700a3d660287ed657d6892f7be9ffc0e294a93)
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < e94f5323c41f32a74160378c3b19850d1f203ad5
(git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 04e271a952b8863bbafc99bd51aca4c32bff0e0d (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6723188c42ca3b34a9fce634d7a0ecc9ccd5cd56 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 499c6b43a79dd684bddbd18fe8b2235aa2764db4 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 6173cfea2f916e01c4f98e29cd654384a05e32a3 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 0e56f460bddb397fa9a8e6faf7ae7eaa86953eb1 (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 2645e3caf7e013189da9c6ff621d006cca5a538b (git) Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ff287df16a1a58aca78b08d1f3ee09fc44da0351 (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 5.10.260 , ≤ 5.10.* (semver) Unaffected: 5.15.211 , ≤ 5.15.* (semver) Unaffected: 6.1.177 , ≤ 6.1.* (semver) Unaffected: 6.6.144 , ≤ 6.6.* (semver) Unaffected: 6.12.94 , ≤ 6.12.* (semver) Unaffected: 6.18.36 , ≤ 6.18.* (semver) Unaffected: 7.0.13 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser.c",
"drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c",
"drivers/gpu/drm/amd/display/dc/bios/bios_parser_helper.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e94f5323c41f32a74160378c3b19850d1f203ad5",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "04e271a952b8863bbafc99bd51aca4c32bff0e0d",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6723188c42ca3b34a9fce634d7a0ecc9ccd5cd56",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "499c6b43a79dd684bddbd18fe8b2235aa2764db4",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6173cfea2f916e01c4f98e29cd654384a05e32a3",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "0e56f460bddb397fa9a8e6faf7ae7eaa86953eb1",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "2645e3caf7e013189da9c6ff621d006cca5a538b",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "ff287df16a1a58aca78b08d1f3ee09fc44da0351",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser.c",
"drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c",
"drivers/gpu/drm/amd/display/dc/bios/bios_parser_helper.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.260",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.260",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.211",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.177",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.94",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.36",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.13",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Bound VBIOS record-chain walk loops\n\n[Why \u0026 How]\nAll record-chain walk loops in bios_parser.c and bios_parser2.c use\nfor(;;) and only terminate on a 0xFF record_type sentinel or zero\nrecord_size. A malformed VBIOS image missing the terminator record\ncauses unbounded iteration at probe time, potentially hundreds of\nthousands of iterations with record_size=1. In the final iterations\nnear the BIOS image boundary, struct casts beyond the 2-byte header\nvalidated by GET_IMAGE can also read out of bounds.\n\nCap all 14 record-chain walk loops to BIOS_MAX_NUM_RECORD (256)\niterations. The atombios.h defines up to 22 distinct record types\nand atomfirmware.h has 13. Assuming an average of less than 10\nrecords per type (which is reasonable since most are connector-\nbased) 256 is a generous upper bound.\n\n(cherry picked from commit 95700a3d660287ed657d6892f7be9ffc0e294a93)"
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:50:51.199Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e94f5323c41f32a74160378c3b19850d1f203ad5"
},
{
"url": "https://git.kernel.org/stable/c/04e271a952b8863bbafc99bd51aca4c32bff0e0d"
},
{
"url": "https://git.kernel.org/stable/c/6723188c42ca3b34a9fce634d7a0ecc9ccd5cd56"
},
{
"url": "https://git.kernel.org/stable/c/499c6b43a79dd684bddbd18fe8b2235aa2764db4"
},
{
"url": "https://git.kernel.org/stable/c/6173cfea2f916e01c4f98e29cd654384a05e32a3"
},
{
"url": "https://git.kernel.org/stable/c/0e56f460bddb397fa9a8e6faf7ae7eaa86953eb1"
},
{
"url": "https://git.kernel.org/stable/c/2645e3caf7e013189da9c6ff621d006cca5a538b"
},
{
"url": "https://git.kernel.org/stable/c/ff287df16a1a58aca78b08d1f3ee09fc44da0351"
}
],
"title": "drm/amd/display: Bound VBIOS record-chain walk loops",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-53138",
"datePublished": "2026-06-25T08:38:26.859Z",
"dateReserved": "2026-06-09T07:44:35.387Z",
"dateUpdated": "2026-07-04T11:50:51.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53151 (GCVE-0-2026-53151)
Vulnerability from cvelistv5 – Published: 2026-06-25 08:38 – Updated: 2026-07-04 11:50
VLAI
EPSS
VEX
Title
rxrpc: Fix the ACK parser to extract the SACK table for parsing
Summary
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix the ACK parser to extract the SACK table for parsing
Fix modification of the received skbuff in rxrpc_input_soft_acks() and a
potential incorrect access of the buffer in a fragmented UDP packet (the
packet would probably have to be deliberately pre-generated as fragmented)
when AF_RXRPC tries to extract the contents of the SACK table by copying
out the contents of the SACK table into a buffer before attempting to parse
AF_RXRPC assumes that it can just call skb_condense() and then validly
access the SACK table from skb->data and that it will be a flat buffer -
but skb_condense() can silently fail to do anything under some
circumstances.
Note that whilst rxrpc_input_soft_acks() should be able to parse extended
ACKs, the rest of AF_RXRPC doesn't currently support that.
Further, there's then no need to call skb_condense() in rxrpc_input_ack(),
so don't.
Severity
9.8 (Critical)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d57a3a151660902091491ac2633134e1be92557f , < 5d1ae4e17a3ecd8561cdb4f4f70152f41039c4e1
(git)
Affected: d57a3a151660902091491ac2633134e1be92557f , < 775c5e89272a2615b72bb84f611ba66fa3b7493e (git) Affected: d57a3a151660902091491ac2633134e1be92557f , < 566c4c1244de50fbff1f89ff93c9d7b0fc256db4 (git) Affected: d57a3a151660902091491ac2633134e1be92557f , < 224298450be5c04d2a6ea1c2a94669d7ebf65d00 (git) Affected: d57a3a151660902091491ac2633134e1be92557f , < 333b6d5bb9f87827ac2639c737bf9613dbae7253 (git) |
|
| Linux | Linux |
Affected:
6.2
Unaffected: 0 , < 6.2 (semver) Unaffected: 6.6.144 , ≤ 6.6.* (semver) Unaffected: 6.12.95 , ≤ 6.12.* (semver) Unaffected: 6.18.36 , ≤ 6.18.* (semver) Unaffected: 7.0.13 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/rxrpc/input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d1ae4e17a3ecd8561cdb4f4f70152f41039c4e1",
"status": "affected",
"version": "d57a3a151660902091491ac2633134e1be92557f",
"versionType": "git"
},
{
"lessThan": "775c5e89272a2615b72bb84f611ba66fa3b7493e",
"status": "affected",
"version": "d57a3a151660902091491ac2633134e1be92557f",
"versionType": "git"
},
{
"lessThan": "566c4c1244de50fbff1f89ff93c9d7b0fc256db4",
"status": "affected",
"version": "d57a3a151660902091491ac2633134e1be92557f",
"versionType": "git"
},
{
"lessThan": "224298450be5c04d2a6ea1c2a94669d7ebf65d00",
"status": "affected",
"version": "d57a3a151660902091491ac2633134e1be92557f",
"versionType": "git"
},
{
"lessThan": "333b6d5bb9f87827ac2639c737bf9613dbae7253",
"status": "affected",
"version": "d57a3a151660902091491ac2633134e1be92557f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/rxrpc/input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.95",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.36",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.13",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix the ACK parser to extract the SACK table for parsing\n\nFix modification of the received skbuff in rxrpc_input_soft_acks() and a\npotential incorrect access of the buffer in a fragmented UDP packet (the\npacket would probably have to be deliberately pre-generated as fragmented)\nwhen AF_RXRPC tries to extract the contents of the SACK table by copying\nout the contents of the SACK table into a buffer before attempting to parse\n\nAF_RXRPC assumes that it can just call skb_condense() and then validly\naccess the SACK table from skb-\u003edata and that it will be a flat buffer -\nbut skb_condense() can silently fail to do anything under some\ncircumstances.\n\nNote that whilst rxrpc_input_soft_acks() should be able to parse extended\nACKs, the rest of AF_RXRPC doesn\u0027t currently support that.\n\nFurther, there\u0027s then no need to call skb_condense() in rxrpc_input_ack(),\nso don\u0027t."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:50:54.212Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d1ae4e17a3ecd8561cdb4f4f70152f41039c4e1"
},
{
"url": "https://git.kernel.org/stable/c/775c5e89272a2615b72bb84f611ba66fa3b7493e"
},
{
"url": "https://git.kernel.org/stable/c/566c4c1244de50fbff1f89ff93c9d7b0fc256db4"
},
{
"url": "https://git.kernel.org/stable/c/224298450be5c04d2a6ea1c2a94669d7ebf65d00"
},
{
"url": "https://git.kernel.org/stable/c/333b6d5bb9f87827ac2639c737bf9613dbae7253"
}
],
"title": "rxrpc: Fix the ACK parser to extract the SACK table for parsing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-53151",
"datePublished": "2026-06-25T08:38:36.187Z",
"dateReserved": "2026-06-09T07:44:35.388Z",
"dateUpdated": "2026-07-04T11:50:54.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53157 (GCVE-0-2026-53157)
Vulnerability from cvelistv5 – Published: 2026-06-25 08:38 – Updated: 2026-07-04 11:50
VLAI
EPSS
VEX
Title
net: phonet: free phonet_device after RCU grace period
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: phonet: free phonet_device after RCU grace period
phonet_device_destroy() removes a phonet_device from the per-net device
list with list_del_rcu(), but frees it immediately. RCU readers walking
the same list can still hold a pointer to the object after it has been
removed, leading to a slab-use-after-free.
Use kfree_rcu(), matching the lifetime rule already used by
phonet_address_del() for the same object type.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 , < d59794337ea496042288c7c68356d9b9ca7f46a9
(git)
Affected: eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 , < 6cd7067d6e4b0b2033ba2f918ecbd54dc2af3763 (git) Affected: eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 , < 2ec8011cce0cd0fc7a5068585d867fc08d508578 (git) Affected: eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 , < 09c9b92c2010481160245244ea8fa1d06d5d4ae0 (git) Affected: eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 , < bd2ab4d800fc26814d89328d87b5f97ef6aa906a (git) Affected: eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 , < 52b8f5ef82c886f7cd24617915e4b1579ddfd001 (git) Affected: eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 , < bff309ea51f1395c1ef8be8b75ce62d28a319113 (git) Affected: eeb74a9d45f781ec6f47b9e0a75a6a427b53f165 , < 71de0177b28da751f407581a4515cf4d762f6296 (git) |
|
| Linux | Linux |
Affected:
2.6.33
Unaffected: 0 , < 2.6.33 (semver) Unaffected: 5.10.260 , ≤ 5.10.* (semver) Unaffected: 5.15.211 , ≤ 5.15.* (semver) Unaffected: 6.1.177 , ≤ 6.1.* (semver) Unaffected: 6.6.144 , ≤ 6.6.* (semver) Unaffected: 6.12.95 , ≤ 6.12.* (semver) Unaffected: 6.18.36 , ≤ 6.18.* (semver) Unaffected: 7.0.13 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/phonet/pn_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d59794337ea496042288c7c68356d9b9ca7f46a9",
"status": "affected",
"version": "eeb74a9d45f781ec6f47b9e0a75a6a427b53f165",
"versionType": "git"
},
{
"lessThan": "6cd7067d6e4b0b2033ba2f918ecbd54dc2af3763",
"status": "affected",
"version": "eeb74a9d45f781ec6f47b9e0a75a6a427b53f165",
"versionType": "git"
},
{
"lessThan": "2ec8011cce0cd0fc7a5068585d867fc08d508578",
"status": "affected",
"version": "eeb74a9d45f781ec6f47b9e0a75a6a427b53f165",
"versionType": "git"
},
{
"lessThan": "09c9b92c2010481160245244ea8fa1d06d5d4ae0",
"status": "affected",
"version": "eeb74a9d45f781ec6f47b9e0a75a6a427b53f165",
"versionType": "git"
},
{
"lessThan": "bd2ab4d800fc26814d89328d87b5f97ef6aa906a",
"status": "affected",
"version": "eeb74a9d45f781ec6f47b9e0a75a6a427b53f165",
"versionType": "git"
},
{
"lessThan": "52b8f5ef82c886f7cd24617915e4b1579ddfd001",
"status": "affected",
"version": "eeb74a9d45f781ec6f47b9e0a75a6a427b53f165",
"versionType": "git"
},
{
"lessThan": "bff309ea51f1395c1ef8be8b75ce62d28a319113",
"status": "affected",
"version": "eeb74a9d45f781ec6f47b9e0a75a6a427b53f165",
"versionType": "git"
},
{
"lessThan": "71de0177b28da751f407581a4515cf4d762f6296",
"status": "affected",
"version": "eeb74a9d45f781ec6f47b9e0a75a6a427b53f165",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/phonet/pn_dev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.260",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.260",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.211",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.177",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.95",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.36",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.13",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phonet: free phonet_device after RCU grace period\n\nphonet_device_destroy() removes a phonet_device from the per-net device\nlist with list_del_rcu(), but frees it immediately. RCU readers walking\nthe same list can still hold a pointer to the object after it has been\nremoved, leading to a slab-use-after-free.\n\nUse kfree_rcu(), matching the lifetime rule already used by\nphonet_address_del() for the same object type."
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:50:55.214Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d59794337ea496042288c7c68356d9b9ca7f46a9"
},
{
"url": "https://git.kernel.org/stable/c/6cd7067d6e4b0b2033ba2f918ecbd54dc2af3763"
},
{
"url": "https://git.kernel.org/stable/c/2ec8011cce0cd0fc7a5068585d867fc08d508578"
},
{
"url": "https://git.kernel.org/stable/c/09c9b92c2010481160245244ea8fa1d06d5d4ae0"
},
{
"url": "https://git.kernel.org/stable/c/bd2ab4d800fc26814d89328d87b5f97ef6aa906a"
},
{
"url": "https://git.kernel.org/stable/c/52b8f5ef82c886f7cd24617915e4b1579ddfd001"
},
{
"url": "https://git.kernel.org/stable/c/bff309ea51f1395c1ef8be8b75ce62d28a319113"
},
{
"url": "https://git.kernel.org/stable/c/71de0177b28da751f407581a4515cf4d762f6296"
}
],
"title": "net: phonet: free phonet_device after RCU grace period",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-53157",
"datePublished": "2026-06-25T08:38:40.132Z",
"dateReserved": "2026-06-09T07:44:35.388Z",
"dateUpdated": "2026-07-04T11:50:55.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53163 (GCVE-0-2026-53163)
Vulnerability from cvelistv5 – Published: 2026-06-25 08:38 – Updated: 2026-07-04 11:50
VLAI
EPSS
VEX
Title
locking/rtmutex: Skip remove_waiter() when waiter is not enqueued
Summary
In the Linux kernel, the following vulnerability has been resolved:
locking/rtmutex: Skip remove_waiter() when waiter is not enqueued
syzbot triggered the following splat in remove_waiter() via
FUTEX_CMP_REQUEUE_PI:
KASAN: null-ptr-deref in range [0x0000000000000a88-0x0000000000000a8f]
class_raw_spinlock_constructor
remove_waiter+0x159/0x1200 kernel/locking/rtmutex.c:1561
rt_mutex_start_proxy_lock+0x103/0x120
futex_requeue+0x10e4/0x20d0
__x64_sys_futex+0x34f/0x4d0
task_blocks_on_rt_mutex() does not arm the waiter upon deadlock detection,
leaving waiter->task nil, where 3bfdc63936dd ("rtmutex: Use waiter::task instead
of current in remove_waiter()") made this fatal.
Furthermore, rt_mutex_start_proxy_lock() should not be calling into remove_waiter()
upon a successfully grabbing the rtmutex. 1a1fb985f2e2 ("futex: Handle early deadlock
return correctly"), moved the remove_waiter() out of __rt_mutex_start_proxy_lock()
(where 'ret' was only ever 0 or < 0) into the wrapper. Tighten this check to
account for try_to_take_rt_mutex().
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d8cce4773c2b23d819baf5abedc62f7b430e8745 , < 4afda3a1da02129568a3a2f1898aa13e6763bcba
(git)
Affected: 8a1fc8d698ac5e5916e3082a0f74450d71f9611f , < 6707d7e0b71748cb3cd95bad81dae5fe1b3c8f48 (git) Affected: 6d52dfcb2a5db86e346cf51f8fcf2071b8085166 , < 5799f9bd7fee40370b93ab1ddf001cdc7017c14d (git) Affected: 3fb7394a837740770f0d6b4b30567e60786a63f2 , < a388e3dfaf9538a680de5ed43a8ebb5dd45b6e53 (git) Affected: 88614876370aac8ad1050ad785a4c095ba17ac11 , < 55363fa0a04524d11efeaadee734d2db1756ed27 (git) Affected: 3bfdc63936dd4773109b7b8c280c0f3b5ae7d349 , < 40a25d59e85b3c8709ac2424d44f65610467871e (git) |
|
| Linux | Linux |
Affected:
6.1.175 , < 6.1.177
(semver)
Affected: 6.6.140 , < 6.6.144 (semver) Affected: 6.12.86 , < 6.12.95 (semver) Affected: 6.18.27 , < 6.18.36 (semver) Affected: 7.0.4 , < 7.0.13 (semver) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/locking/rtmutex.c",
"kernel/locking/rtmutex_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4afda3a1da02129568a3a2f1898aa13e6763bcba",
"status": "affected",
"version": "d8cce4773c2b23d819baf5abedc62f7b430e8745",
"versionType": "git"
},
{
"lessThan": "6707d7e0b71748cb3cd95bad81dae5fe1b3c8f48",
"status": "affected",
"version": "8a1fc8d698ac5e5916e3082a0f74450d71f9611f",
"versionType": "git"
},
{
"lessThan": "5799f9bd7fee40370b93ab1ddf001cdc7017c14d",
"status": "affected",
"version": "6d52dfcb2a5db86e346cf51f8fcf2071b8085166",
"versionType": "git"
},
{
"lessThan": "a388e3dfaf9538a680de5ed43a8ebb5dd45b6e53",
"status": "affected",
"version": "3fb7394a837740770f0d6b4b30567e60786a63f2",
"versionType": "git"
},
{
"lessThan": "55363fa0a04524d11efeaadee734d2db1756ed27",
"status": "affected",
"version": "88614876370aac8ad1050ad785a4c095ba17ac11",
"versionType": "git"
},
{
"lessThan": "40a25d59e85b3c8709ac2424d44f65610467871e",
"status": "affected",
"version": "3bfdc63936dd4773109b7b8c280c0f3b5ae7d349",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/locking/rtmutex.c",
"kernel/locking/rtmutex_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.1.177",
"status": "affected",
"version": "6.1.175",
"versionType": "semver"
},
{
"lessThan": "6.6.144",
"status": "affected",
"version": "6.6.140",
"versionType": "semver"
},
{
"lessThan": "6.12.95",
"status": "affected",
"version": "6.12.86",
"versionType": "semver"
},
{
"lessThan": "6.18.36",
"status": "affected",
"version": "6.18.27",
"versionType": "semver"
},
{
"lessThan": "7.0.13",
"status": "affected",
"version": "7.0.4",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.177",
"versionStartIncluding": "6.1.175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "6.6.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.95",
"versionStartIncluding": "6.12.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.36",
"versionStartIncluding": "6.18.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.13",
"versionStartIncluding": "7.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/rtmutex: Skip remove_waiter() when waiter is not enqueued\n\nsyzbot triggered the following splat in remove_waiter() via\nFUTEX_CMP_REQUEUE_PI:\n\n KASAN: null-ptr-deref in range [0x0000000000000a88-0x0000000000000a8f]\n class_raw_spinlock_constructor\n remove_waiter+0x159/0x1200 kernel/locking/rtmutex.c:1561\n rt_mutex_start_proxy_lock+0x103/0x120\n futex_requeue+0x10e4/0x20d0\n __x64_sys_futex+0x34f/0x4d0\n\ntask_blocks_on_rt_mutex() does not arm the waiter upon deadlock detection,\nleaving waiter-\u003etask nil, where 3bfdc63936dd (\"rtmutex: Use waiter::task instead\nof current in remove_waiter()\") made this fatal.\n\nFurthermore, rt_mutex_start_proxy_lock() should not be calling into remove_waiter()\nupon a successfully grabbing the rtmutex. 1a1fb985f2e2 (\"futex: Handle early deadlock\nreturn correctly\"), moved the remove_waiter() out of __rt_mutex_start_proxy_lock()\n(where \u0027ret\u0027 was only ever 0 or \u003c 0) into the wrapper. Tighten this check to\naccount for try_to_take_rt_mutex()."
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:50:59.024Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4afda3a1da02129568a3a2f1898aa13e6763bcba"
},
{
"url": "https://git.kernel.org/stable/c/6707d7e0b71748cb3cd95bad81dae5fe1b3c8f48"
},
{
"url": "https://git.kernel.org/stable/c/5799f9bd7fee40370b93ab1ddf001cdc7017c14d"
},
{
"url": "https://git.kernel.org/stable/c/a388e3dfaf9538a680de5ed43a8ebb5dd45b6e53"
},
{
"url": "https://git.kernel.org/stable/c/55363fa0a04524d11efeaadee734d2db1756ed27"
},
{
"url": "https://git.kernel.org/stable/c/40a25d59e85b3c8709ac2424d44f65610467871e"
}
],
"title": "locking/rtmutex: Skip remove_waiter() when waiter is not enqueued",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-53163",
"datePublished": "2026-06-25T08:38:44.108Z",
"dateReserved": "2026-06-09T07:44:35.388Z",
"dateUpdated": "2026-07-04T11:50:59.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53325 (GCVE-0-2026-53325)
Vulnerability from cvelistv5 – Published: 2026-06-29 04:53 – Updated: 2026-07-04 11:51
VLAI
EPSS
VEX
Title
agp/amd64: Fix broken error propagation in agp_amd64_probe()
Summary
In the Linux kernel, the following vulnerability has been resolved:
agp/amd64: Fix broken error propagation in agp_amd64_probe()
A NULL pointer dereference was observed in the AMD64 AGP driver when
running in a virtualized environment (e.g. qemu/kvm) without a physical
AMD northbridge. The crash occurs in amd64_fetch_size() when attempting
to dereference the pointer returned by node_to_amd_nb(0).
The root cause of this crash is broken error propagation in
agp_amd64_probe(): When no AMD northbridges are found, cache_nbs()
correctly returns -ENODEV. However, the probe function erroneously
checks the return value against exactly -1, rather than < 0.
As a result, the hardware absence error is masked, allowing the driver
to improperly proceed with initialization. It eventually calls
agp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware
does not exist, node_to_amd_nb(0) returns NULL, leading to a General
Protection Fault (GPF) when accessing its ->misc member.
Fix the issue by correcting the error check in agp_amd64_probe() to
abort properly when cache_nbs() returns any negative error code. This
prevents the driver from erroneously proceeding without hardware, thereby
avoiding the subsequent NULL pointer dereference at its source.
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < ce800993af477fc24187349c6a20d3073140b759
(git)
Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < 1d7d45050e14083c1de1460c93f4063c1f0bca7b (git) Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < 3e844a63668d1c3d10a9d347d7ebf161b2f91c84 (git) Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < eb045714bc6a2bbb0befb7a31b996a196e188869 (git) Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < 564b3b3f6565313eb6fa5355ffd037d6fb27897f (git) Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < 53483a9f4ee9eeb18aa866ec16cce79e136987e1 (git) Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < 0aa9b27c454c53074cde592eaceb442d30341585 (git) Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < cefe535a60a2e00e09f4b2689b0c8ffc6912459a (git) Affected: a32073bffc656ca4bde6002b6cf7c1a8e0e22712 , < b08472db93b1ccff84a7adec5779d47f0e9d3a30 (git) |
|
| Linux | Linux |
Affected:
2.6.18
Unaffected: 0 , < 2.6.18 (semver) Unaffected: 5.10.260 , ≤ 5.10.* (semver) Unaffected: 5.15.211 , ≤ 5.15.* (semver) Unaffected: 6.1.177 , ≤ 6.1.* (semver) Unaffected: 6.6.144 , ≤ 6.6.* (semver) Unaffected: 6.12.95 , ≤ 6.12.* (semver) Unaffected: 6.18.37 , ≤ 6.18.* (semver) Unaffected: 7.0.14 , ≤ 7.0.* (semver) Unaffected: 7.1.2 , ≤ 7.1.* (semver) Unaffected: 7.2-rc1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/agp/amd64-agp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ce800993af477fc24187349c6a20d3073140b759",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
},
{
"lessThan": "1d7d45050e14083c1de1460c93f4063c1f0bca7b",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
},
{
"lessThan": "3e844a63668d1c3d10a9d347d7ebf161b2f91c84",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
},
{
"lessThan": "eb045714bc6a2bbb0befb7a31b996a196e188869",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
},
{
"lessThan": "564b3b3f6565313eb6fa5355ffd037d6fb27897f",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
},
{
"lessThan": "53483a9f4ee9eeb18aa866ec16cce79e136987e1",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
},
{
"lessThan": "0aa9b27c454c53074cde592eaceb442d30341585",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
},
{
"lessThan": "cefe535a60a2e00e09f4b2689b0c8ffc6912459a",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
},
{
"lessThan": "b08472db93b1ccff84a7adec5779d47f0e9d3a30",
"status": "affected",
"version": "a32073bffc656ca4bde6002b6cf7c1a8e0e22712",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/agp/amd64-agp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.18"
},
{
"lessThan": "2.6.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.260",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.*",
"status": "unaffected",
"version": "7.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.2-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.260",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.211",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.177",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.95",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.37",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.14",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.2",
"versionStartIncluding": "2.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2-rc1",
"versionStartIncluding": "2.6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nagp/amd64: Fix broken error propagation in agp_amd64_probe()\n\nA NULL pointer dereference was observed in the AMD64 AGP driver when\nrunning in a virtualized environment (e.g. qemu/kvm) without a physical\nAMD northbridge. The crash occurs in amd64_fetch_size() when attempting\nto dereference the pointer returned by node_to_amd_nb(0).\n\nThe root cause of this crash is broken error propagation in\nagp_amd64_probe(): When no AMD northbridges are found, cache_nbs()\ncorrectly returns -ENODEV. However, the probe function erroneously\nchecks the return value against exactly -1, rather than \u003c 0.\n\nAs a result, the hardware absence error is masked, allowing the driver\nto improperly proceed with initialization. It eventually calls\nagp_add_bridge(), which invokes amd64_fetch_size(). Since the hardware\ndoes not exist, node_to_amd_nb(0) returns NULL, leading to a General\nProtection Fault (GPF) when accessing its -\u003emisc member.\n\nFix the issue by correcting the error check in agp_amd64_probe() to\nabort properly when cache_nbs() returns any negative error code. This\nprevents the driver from erroneously proceeding without hardware, thereby\navoiding the subsequent NULL pointer dereference at its source."
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:51:03.918Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ce800993af477fc24187349c6a20d3073140b759"
},
{
"url": "https://git.kernel.org/stable/c/1d7d45050e14083c1de1460c93f4063c1f0bca7b"
},
{
"url": "https://git.kernel.org/stable/c/3e844a63668d1c3d10a9d347d7ebf161b2f91c84"
},
{
"url": "https://git.kernel.org/stable/c/eb045714bc6a2bbb0befb7a31b996a196e188869"
},
{
"url": "https://git.kernel.org/stable/c/564b3b3f6565313eb6fa5355ffd037d6fb27897f"
},
{
"url": "https://git.kernel.org/stable/c/53483a9f4ee9eeb18aa866ec16cce79e136987e1"
},
{
"url": "https://git.kernel.org/stable/c/0aa9b27c454c53074cde592eaceb442d30341585"
},
{
"url": "https://git.kernel.org/stable/c/cefe535a60a2e00e09f4b2689b0c8ffc6912459a"
},
{
"url": "https://git.kernel.org/stable/c/b08472db93b1ccff84a7adec5779d47f0e9d3a30"
}
],
"title": "agp/amd64: Fix broken error propagation in agp_amd64_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-53325",
"datePublished": "2026-06-29T04:53:35.833Z",
"dateReserved": "2026-06-09T07:44:35.398Z",
"dateUpdated": "2026-07-04T11:51:03.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53361 (GCVE-0-2026-53361)
Vulnerability from cvelistv5 – Published: 2026-07-04 11:54 – Updated: 2026-07-04 11:54
VLAI
EPSS
VEX
Title
af_unix: Set gc_in_progress to true in unix_gc().
Summary
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Set gc_in_progress to true in unix_gc().
Igor Ushakov reported that unix_gc() could run with gc_in_progress
being false if the work is scheduled while running:
Thread 1 Thread 2 Thread 3
-------- -------- --------
unix_schedule_gc() unix_schedule_gc()
`- if (!gc_in_progress) `- if (!gc_in_progress)
|- gc_in_progress = true |
`- queue_work() |
unix_gc() <----------------/ |
| |- gc_in_progress = true
... `- queue_work()
| |
`- gc_in_progress = false |
|
unix_gc() <---------------------------------------------'
|
... /* gc_in_progress == false */
|
`- gc_in_progress = false
unix_peek_fpl() relies on gc_in_progress not to confuse GC
by MSG_PEEK.
Let's set gc_in_progress to true in unix_gc().
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
328840c93bd6a4871dd10908d01b41eab83eb8e2 , < 82c17e13d404f686e164590483fd6c1abaa675d0
(git)
Affected: 8b90a9f819dc2a06baae4ec1a64d875e53b824ec , < 591f1ac217428a6d2b32a8ac14aac0fab44f155a (git) Affected: 8b90a9f819dc2a06baae4ec1a64d875e53b824ec , < 0cfa78c050662784fc8e3ab26dbfd1dc632b2082 (git) Affected: 8b90a9f819dc2a06baae4ec1a64d875e53b824ec , < d82ba05263c69fa2437fe93e4e561cc40f4c03af (git) Affected: ceb8bd6c69c1680fd9b45e7f16d7170c9c7513a5 (git) Affected: 6.6.93 , < 6.6.144 (semver) Affected: 6.1.141 , < 6.2 (semver) |
|
| Linux | Linux |
Affected:
6.9
Unaffected: 0 , < 6.9 (semver) Unaffected: 6.6.144 , ≤ 6.6.* (semver) Unaffected: 6.12.95 , ≤ 6.12.* (semver) Unaffected: 6.18.38 , ≤ 6.18.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "82c17e13d404f686e164590483fd6c1abaa675d0",
"status": "affected",
"version": "328840c93bd6a4871dd10908d01b41eab83eb8e2",
"versionType": "git"
},
{
"lessThan": "591f1ac217428a6d2b32a8ac14aac0fab44f155a",
"status": "affected",
"version": "8b90a9f819dc2a06baae4ec1a64d875e53b824ec",
"versionType": "git"
},
{
"lessThan": "0cfa78c050662784fc8e3ab26dbfd1dc632b2082",
"status": "affected",
"version": "8b90a9f819dc2a06baae4ec1a64d875e53b824ec",
"versionType": "git"
},
{
"lessThan": "d82ba05263c69fa2437fe93e4e561cc40f4c03af",
"status": "affected",
"version": "8b90a9f819dc2a06baae4ec1a64d875e53b824ec",
"versionType": "git"
},
{
"status": "affected",
"version": "ceb8bd6c69c1680fd9b45e7f16d7170c9c7513a5",
"versionType": "git"
},
{
"lessThan": "6.6.144",
"status": "affected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThan": "6.2",
"status": "affected",
"version": "6.1.141",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/unix/garbage.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.38",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "6.6.93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.95",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.38",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.141",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Set gc_in_progress to true in unix_gc().\n\nIgor Ushakov reported that unix_gc() could run with gc_in_progress\nbeing false if the work is scheduled while running:\n\n Thread 1 Thread 2 Thread 3\n -------- -------- --------\n unix_schedule_gc() unix_schedule_gc()\n `- if (!gc_in_progress) `- if (!gc_in_progress)\n |- gc_in_progress = true |\n `- queue_work() |\n unix_gc() \u003c----------------/ |\n | |- gc_in_progress = true\n ... `- queue_work()\n | |\n `- gc_in_progress = false |\n |\n unix_gc() \u003c---------------------------------------------\u0027\n |\n ... /* gc_in_progress == false */\n |\n `- gc_in_progress = false\n\nunix_peek_fpl() relies on gc_in_progress not to confuse GC\nby MSG_PEEK.\n\nLet\u0027s set gc_in_progress to true in unix_gc()."
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:54:52.543Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/82c17e13d404f686e164590483fd6c1abaa675d0"
},
{
"url": "https://git.kernel.org/stable/c/591f1ac217428a6d2b32a8ac14aac0fab44f155a"
},
{
"url": "https://git.kernel.org/stable/c/0cfa78c050662784fc8e3ab26dbfd1dc632b2082"
},
{
"url": "https://git.kernel.org/stable/c/d82ba05263c69fa2437fe93e4e561cc40f4c03af"
}
],
"title": "af_unix: Set gc_in_progress to true in unix_gc().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-53361",
"datePublished": "2026-07-04T11:54:52.543Z",
"dateReserved": "2026-06-09T07:44:35.400Z",
"dateUpdated": "2026-07-04T11:54:52.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53362 (GCVE-0-2026-53362)
Vulnerability from cvelistv5 – Published: 2026-07-04 11:56 – Updated: 2026-07-04 11:56
VLAI
EPSS
VEX
Title
ipv6: account for fraggap on the paged allocation path
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: account for fraggap on the paged allocation path
In __ip6_append_data(), when the paged-allocation branch is taken
(MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are
computed as
alloclen = fragheaderlen + transhdrlen;
pagedlen = datalen - transhdrlen;
datalen already includes fraggap (datalen = length + fraggap). When
fraggap is non-zero, this is not the first skb and transhdrlen is zero.
The fraggap bytes carried over from the previous skb are copied just past
the fragment headers in the new skb's linear area. The linear area is
therefore undersized by fraggap bytes while pagedlen is overstated by the
same amount, and the copy writes past skb->end into the trailing
skb_shared_info.
An unprivileged user can trigger this via a UDPv6 socket using
MSG_MORE together with MSG_SPLICE_PAGES.
The bad accounting was introduced by commit 773ba4fe9104 ("ipv6:
avoid partial copy for zc"). Before commit ce650a166335 ("udp6: Fix
__ip6_append_data()'s handling of MSG_SPLICE_PAGES"), the negative
copy value caused -EINVAL to be returned. That later commit allowed
MSG_SPLICE_PAGES to proceed in this case, making the corruption
triggerable.
The non-paged branch sets alloclen to fraglen, which already accounts
for fraggap because datalen does. Bring the paged branch in line by
adding fraggap to alloclen and subtracting it from pagedlen.
After this adjustment, copy no longer collapses to -fraggap on the
paged path, so remove the stale comment describing that old arithmetic.
Since a negative copy is no longer expected for a valid MSG_SPLICE_PAGES
case, remove the MSG_SPLICE_PAGES exception from the negative copy check.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 , < 14200d435af9a9eeb444f529fc2f689a236b7962
(git)
Affected: 773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 , < 65fb14cbebb0cd0eff903a22d33537ddc8b95769 (git) Affected: 773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 , < 46f201f8b4c39633a1fa3dc12459f506d470993d (git) Affected: 773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 , < 6374fb9edf72c67a118a2c214a0dddd04c921e0a (git) Affected: 773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 , < e9eacf19281ea2498b36291b56c9606118c2d74e (git) Affected: 773ba4fe9104a64a54d1c00f0fb6ffb95def2b03 , < 736b380e28d0480c7bc3e022f1950f31fe53a7c5 (git) |
|
| Linux | Linux |
Affected:
6.0
Unaffected: 0 , < 6.0 (semver) Unaffected: 6.1.177 , ≤ 6.1.* (semver) Unaffected: 6.6.144 , ≤ 6.6.* (semver) Unaffected: 6.12.95 , ≤ 6.12.* (semver) Unaffected: 6.18.38 , ≤ 6.18.* (semver) Unaffected: 7.1.3 , ≤ 7.1.* (semver) Unaffected: 7.2-rc1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "14200d435af9a9eeb444f529fc2f689a236b7962",
"status": "affected",
"version": "773ba4fe9104a64a54d1c00f0fb6ffb95def2b03",
"versionType": "git"
},
{
"lessThan": "65fb14cbebb0cd0eff903a22d33537ddc8b95769",
"status": "affected",
"version": "773ba4fe9104a64a54d1c00f0fb6ffb95def2b03",
"versionType": "git"
},
{
"lessThan": "46f201f8b4c39633a1fa3dc12459f506d470993d",
"status": "affected",
"version": "773ba4fe9104a64a54d1c00f0fb6ffb95def2b03",
"versionType": "git"
},
{
"lessThan": "6374fb9edf72c67a118a2c214a0dddd04c921e0a",
"status": "affected",
"version": "773ba4fe9104a64a54d1c00f0fb6ffb95def2b03",
"versionType": "git"
},
{
"lessThan": "e9eacf19281ea2498b36291b56c9606118c2d74e",
"status": "affected",
"version": "773ba4fe9104a64a54d1c00f0fb6ffb95def2b03",
"versionType": "git"
},
{
"lessThan": "736b380e28d0480c7bc3e022f1950f31fe53a7c5",
"status": "affected",
"version": "773ba4fe9104a64a54d1c00f0fb6ffb95def2b03",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.177",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.38",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.*",
"status": "unaffected",
"version": "7.1.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.2-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.177",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.144",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.95",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.38",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2-rc1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: account for fraggap on the paged allocation path\n\nIn __ip6_append_data(), when the paged-allocation branch is taken\n(MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are\ncomputed as\n\n\talloclen = fragheaderlen + transhdrlen;\n\tpagedlen = datalen - transhdrlen;\n\ndatalen already includes fraggap (datalen = length + fraggap). When\nfraggap is non-zero, this is not the first skb and transhdrlen is zero.\nThe fraggap bytes carried over from the previous skb are copied just past\nthe fragment headers in the new skb\u0027s linear area. The linear area is\ntherefore undersized by fraggap bytes while pagedlen is overstated by the\nsame amount, and the copy writes past skb-\u003eend into the trailing\nskb_shared_info.\n\nAn unprivileged user can trigger this via a UDPv6 socket using\nMSG_MORE together with MSG_SPLICE_PAGES.\n\nThe bad accounting was introduced by commit 773ba4fe9104 (\"ipv6:\navoid partial copy for zc\"). Before commit ce650a166335 (\"udp6: Fix\n__ip6_append_data()\u0027s handling of MSG_SPLICE_PAGES\"), the negative\ncopy value caused -EINVAL to be returned. That later commit allowed\nMSG_SPLICE_PAGES to proceed in this case, making the corruption\ntriggerable.\n\nThe non-paged branch sets alloclen to fraglen, which already accounts\nfor fraggap because datalen does. Bring the paged branch in line by\nadding fraggap to alloclen and subtracting it from pagedlen.\n\nAfter this adjustment, copy no longer collapses to -fraggap on the\npaged path, so remove the stale comment describing that old arithmetic.\nSince a negative copy is no longer expected for a valid MSG_SPLICE_PAGES\ncase, remove the MSG_SPLICE_PAGES exception from the negative copy check."
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T11:56:35.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/14200d435af9a9eeb444f529fc2f689a236b7962"
},
{
"url": "https://git.kernel.org/stable/c/65fb14cbebb0cd0eff903a22d33537ddc8b95769"
},
{
"url": "https://git.kernel.org/stable/c/46f201f8b4c39633a1fa3dc12459f506d470993d"
},
{
"url": "https://git.kernel.org/stable/c/6374fb9edf72c67a118a2c214a0dddd04c921e0a"
},
{
"url": "https://git.kernel.org/stable/c/e9eacf19281ea2498b36291b56c9606118c2d74e"
},
{
"url": "https://git.kernel.org/stable/c/736b380e28d0480c7bc3e022f1950f31fe53a7c5"
}
],
"title": "ipv6: account for fraggap on the paged allocation path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-53362",
"datePublished": "2026-07-04T11:56:35.864Z",
"dateReserved": "2026-06-09T07:44:35.400Z",
"dateUpdated": "2026-07-04T11:56:35.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…