CVE-2026-53106

Source
https://cve.org/CVERecord?id=CVE-2026-53106
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53106.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53106
Downstream
Published
2026-06-24T16:30:41.382Z
Modified
2026-07-08T08:09:44.844551857Z
Summary
bpf: Do not allow deleting local storage in NMI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: Do not allow deleting local storage in NMI

Currently, local storage may deadlock when deferring freeing selem or local storage through kfreercu(), callrcu() or callrcutaskstrace() in NMI or reentrant. Since deleting selem in NMI is an unlikely use case, partially mitigate it by returning error when calling from bpfxxxstoragedelete() helpers in NMI. Note that, it is still possible to deadlock through reentrant. A full mitigation requires returning error when irqsdisabled() is true, which, however is too heavy-handed for bpfxxxstoragedelete().

The long-term solution requires nolock versions of callrcu. Another possible solution is to defer the free through irq_work [0], but it would grow the size of selem, which is non-ideal.

The check is only needed in bpfselemunlink(), which is used by helpers and syscalls. bpfselemunlink_nofail() is fine as it is called during map and owner tear down that never run in NMI or reentrant.

[0] https://lore.kernel.org/bpf/20260205190233.912-1-alexei.starovoitov@gmail.com/

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53106.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a10787e6d58c24b51e91c19c6d16c5da89fcaa4b
Fixed
e84acaf936970b5b0be2c93bbf255295ba9406df
Fixed
350de5b8a9befaa2a68861c51f671d4f5f751ca5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53106.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53106.json"