CVE-2026-53035

Source
https://cve.org/CVERecord?id=CVE-2026-53035
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53035.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53035
Downstream
Published
2026-06-24T16:29:42.560Z
Modified
2026-07-12T03:54:58.317264331Z
Summary
bpf, sockmap: Fix af_unix iter deadlock
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix af_unix iter deadlock

bpfiterunixseqshow() may deadlock when locksockfast() takes the fast path and the iter prog attempts to update a sockmap. Which ends up spinning at sockmapupdateelem()'s bhlock_sock():

WARNING: possible recursive locking detected testprogs/1393 is trying to acquire lock: ffff88811ec25f58 (slock-AFUNIX){+...}-{3:3}, at: sockmapupdate_elem+0xdb/0x1f0

but task is already holding lock: ffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: __locksockfast+0x37/0xe0

other info that might help us debug this: Possible unsafe locking scenario:

   CPU0
   ----

lock(slock-AFUNIX); lock(slock-AFUNIX);

*** DEADLOCK ***

May be due to missing lock nesting notation

4 locks held by testprogs/1393: #0: ffff88814b59c790 (&p->lock){+.+.}-{4:4}, at: bpfseqread+0x59/0x10d0 #1: ffff88811ec25fd8 (sklock-AFUNIX){+.+.}-{0:0}, at: bpfseqread+0x42c/0x10d0 #2: ffff88811ec25f58 (slock-AFUNIX){+...}-{3:3}, at: _locksockfast+0x37/0xe0 #3: ffffffff85a6a7c0 (rcureadlock){....}-{1:3}, at: bpfiterrunprog+0x51d/0xb00

Call Trace: dumpstacklvl+0x5d/0x80 printdeadlockbug.cold+0xc0/0xce _lockacquire+0x130f/0x2590 lockacquire+0x14e/0x2b0 rawspinlock+0x30/0x40 sockmapupdateelem+0xdb/0x1f0 bpfprog2d0075e5d9b721cddumpunix+0x55/0x4f4 bpfiterrunprog+0x5b9/0xb00 bpfiterunixseqshow+0x1f7/0x2e0 bpfseqread+0x42c/0x10d0 vfsread+0x171/0xb20 ksysread+0xff/0x200 dosyscall64+0x6b/0x3a0 entrySYSCALL64afterhwframe+0x76/0x7e

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53035.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2c860a43dd77f969bb959336a2f743d7103a8f63
Fixed
bd3592129f24243713673a07225cf1f15a9bb835
Fixed
3cef33b9813b78f227942572fb317afcd5c9ac94
Fixed
87828b380956d4986f59f2c086e0b09b3e6cdaae
Fixed
527057ebe8076dfbcaef51195ff1b7508646be2c
Fixed
66d9fab4565eafe1afe7ba0581f79b76073b60fa
Fixed
4d328dd695383224aa750ddee6b4ad40c0f8d205

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53035.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53035.json"