CVE-2026-53022

Source
https://cve.org/CVERecord?id=CVE-2026-53022
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53022.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53022
Downstream
Published
2026-06-24T16:29:31.552Z
Modified
2026-07-08T08:13:46.809110282Z
Summary
platform/x86: dell-wmi-sysman: bound enumeration string aggregation
Details

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: bound enumeration string aggregation

populateenumdata() aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individual source string but then appends every string and separator with raw strcat() and no remaining-space check.

Switch the aggregation loops to a bounded append helper and reject enumeration packages whose combined strings do not fit in the destination buffers.

[ij: add include]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53022.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e8a60aa7404bfef37705da5607c97737073ac38d
Fixed
7b3dc1f764bf24eb99474a5de8173b0b43a8b071
Fixed
75c738d4f27fa18a2a033de153bd40302bde6a66
Fixed
ba0843c1955864401295f7ba3b420afe19f2266d
Fixed
5a04f9a36930792f6d64e28d43609e158d09b665
Fixed
c5683ca4949a514fbe656c6d0d08c4c126e21db9
Fixed
90b118d264845f7aaf539ac49f7c75f1f29590e2
Fixed
3c34471c26abc52a37f5ad90949e2e4b8027eb14

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53022.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53022.json"