SB20260320100 - Exposure of resource to wrong sphere in Linux kernel media dvb-core driver
Published: March 20, 2026
Security Bulletin ID
SB20260320100
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Exposure of resource to wrong sphere (CVE-ID: CVE-2026-23253)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper initialization in the dvb_ringbuffer component when reopening a DVR device. A local user can open a specially crafted DVR device to cause a denial of service.
The issue arises because dvb_dvr_open() reinitializes the shared waitqueue head, which can orphan existing waitqueue entries from io_uring poll or epoll, leading to stale pointers and potential system instability.
Remediation
Install update from vendor's website.