CVE-2026-53324

Source
https://cve.org/CVERecord?id=CVE-2026-53324
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53324.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53324
Downstream
Published
2026-06-26T19:41:14.708Z
Modified
2026-07-08T08:07:25.187237080Z
Summary
net: mana: Use pci_name() for debugfs directory naming
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Use pci_name() for debugfs directory naming

Use pciname(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislot_name(pdev->slot) for VFs. The previous approach had two issues:

  1. pcislotname() dereferences pdev->slot, which can be NULL for VFs in environments like generic VFIO passthrough or nested KVM, causing a NULL pointer dereference.

  2. Multiple PFs would all use "0", and VFs across different PCI domains or buses could share the same slot name, leading to -EEXIST errors from debugfscreatedir().

pci_name(pdev) returns the unique BDF address, is always valid, and is unique across the system.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53324.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6607c17c6c5e029da03a90085db22daf518232bf
Fixed
34dbd7b819544c99c9d96b400fe4db613f40ac4b
Fixed
9211eb97e8f8c28bf9313ab97862d143dbbbef97
Fixed
c116f07ab9d22bb6f355f3cf9e44c1e6a47fe559

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53324.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53324.json"