CVE-2026-53353

Source
https://cve.org/CVERecord?id=CVE-2026-53353
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53353.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53353
Downstream
Published
2026-07-01T13:32:29.699Z
Modified
2026-07-08T08:09:47.169554522Z
Summary
hsr: Remove WARN_ONCE() in hsr_addr_is_self().
Details

In the Linux kernel, the following vulnerability has been resolved:

hsr: Remove WARNONCE() in hsraddrisself().

syzbot reported the warning [0] in hsraddris_self(), whose assumption is simply wrong.

hsr->selfnode is cleared in hsrdelselfnode(), which is called from hsr_dellink().

Since dev->rtnllinkops->dellink() is called before unregisternetdevicemany(), there is a window when user can find the device but without hsr->self_node.

Let's remove WARNONCE() in hsraddrisself().

WARNING: net/hsr/hsrframereg.c:39 at hsraddrisself+0x211/0x3f0 net/hsr/hsrframereg.c:39, CPU#0: syz.4.16848/17220 Modules linked in: CPU: 0 UID: 0 PID: 17220 Comm: syz.4.16848 Tainted: G L syzkaller #0 PREEMPT{RT,(full)} Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 RIP: 0010:hsraddrisself+0x211/0x3f0 net/hsr/hsrframereg.c:39 Code: 33 2f 41 0f b7 dd 89 ee 09 de 31 ff e8 c8 b4 c6 f6 09 dd 74 54 e8 0f b0 c6 f6 31 ed eb 53 e8 06 b0 c6 f6 48 8d 3d 2f 50 9c 04 <67> 48 0f b9 3a 31 ed eb 42 e8 c1 13 1f 00 89 c5 31 ff 89 c6 e8 96 RSP: 0018:ffffc900041c70e0 EFLAGS: 00010283 RAX: ffffffff8afdc6ca RBX: ffffffff8afdc4e6 RCX: 0000000000080000 RDX: ffffc90010493000 RSI: 0000000000000948 RDI: ffffffff8f9a1700 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 R10: ffffc900041c71e8 R11: fffff52000838e3f R12: dffffc0000000000 R13: ffff888041f9e3c0 R14: ffff888086ee3802 R15: 0000000000000000 FS: 00007f6fe985d6c0(0000) GS:ffff888126176000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f80bd437dac CR3: 0000000025096000 CR4: 00000000003526f0 DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002 DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Call Trace: <TASK> checklocaldest net/hsr/hsrforward.c:592 [inline] fillframeinfo net/hsr/hsrforward.c:728 [inline] hsrforwardskb+0xa11/0x2a80 net/hsr/hsrforward.c:739 hsrdevxmit+0x253/0x370 net/hsr/hsrdevice.c:236 __netdevstartxmit include/linux/netdevice.h:5368 [inline] netdevstartxmit include/linux/netdevice.h:5377 [inline] xmitone net/core/dev.c:3888 [inline] devhardstartxmit+0x2df/0x860 net/core/dev.c:3904 __devqueuexmit+0x1428/0x3900 net/core/dev.c:4870 neighoutput include/net/neighbour.h:556 [inline] ipfinishoutput2+0xcec/0x10b0 net/ipv4/ipoutput.c:237 ipsendskb net/ipv4/ipoutput.c:1510 [inline] ippushpendingframes+0x8b/0x110 net/ipv4/ipoutput.c:1530 rawsendmsg+0x1547/0x1a50 net/ipv4/raw.c:659 socksendmsgnosec net/socket.c:787 [inline] __sock_sendmsg net/socket.c:802 [inline] ____sys_sendmsg+0x7da/0x9c0 net/socket.c:2698 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2752 __sys_sendmsg net/socket.c:2784 [inline] __dosyssendmsg net/socket.c:2789 [inline] __sesyssendmsg net/socket.c:2787 [inline] _x64syssendmsg+0x1c3/0x2a0 net/socket.c:2787 dosyscallx64 arch/x86/entry/syscall64.c:63 [inline] dosyscall64+0x15f/0xf80 arch/x86/entry/syscall64.c:94 entrySYSCALL64afterhwframe+0x77/0x7f RIP: 0033:0x7f6feb62ce59 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6fe985d028 EFLAGS: 00000246 ORIGRAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f6feb8a6090 RCX: 00007f6feb62ce59 RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 RBP: 00007f6feb6c2d6f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f6feb8a6128 R14: 00007f6feb8a6090 R15: 00007ffcf01cc488 </TASK>

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53353.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f266a683a4804dc499efc6c2206ef68efed029d0
Fixed
271355c2ef6171dbc815e7ae653eed63444bbd58
Fixed
0232b6fcb7615fb7fecfe0727a23065a53e228b8
Fixed
66a46e22396fd5d09606f37f73643eb20e99aa42
Fixed
d71bb171661ec0225bf4babdd4d296d744982fb3
Fixed
afd0f17ca46258cec3a5cc48b8df9327fe772490

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53353.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.17.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53353.json"