Out-of-bounds read in Linux kernel - CVE-2026-53076

Published: June 25, 2026


Vulnerability identifier: #VU135245
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53076
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to an out-of-bounds read in pcpu_init_value in the BPF hashtab implementation when copying an element from a BPF_MAP_TYPE_CGROUP_STORAGE map to another per-cpu map with the same non-8-byte-aligned value_size. A local user can update the destination map with data from the crafted source map to disclose sensitive information.

The issue occurs when the source map value size is not rounded up to 8 bytes, causing a copy operation to read past the claimed source size.
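The size mismatch described above, shown as an added illustration that is not the kernel's own code: a source value backed by exactly `value_size` bytes, a destination slot that is assumed to be padded to a multiple of 8, and two copy routines. The struct, function names and sample bytes here are constructed for the example; `overread_bytes` reports how far an unconditional rounded-size copy would read past the source allocation, and `copy_value_bounded` shows the defensive alternative of copying only the bytes the source actually owns and zero-filling the padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Round n up to the next multiple of 8, the alignment a per-cpu value
 * slot is assumed to have in this example. */
static size_t round_up8(size_t n)
{
    return (n + 7) & ~(size_t)7;
}

/* Hypothetical map value: the bytes that actually back the value,
 * how many bytes were allocated for it, and the size the map advertises. */
struct value_buf {
    const uint8_t *data;
    size_t alloc_size;   /* bytes really allocated behind data */
    size_t value_size;   /* value_size the map reports */
};

/* Unsafe pattern: copy round_up8(value_size) bytes from the source no matter
 * how many bytes the source allocated. Returns how many bytes such a copy
 * would read beyond the source allocation (0 means the copy stays in bounds). */
static size_t overread_bytes(const struct value_buf *src, size_t dst_value_size)
{
    size_t copy_len = round_up8(dst_value_size);
    return copy_len > src->alloc_size ? copy_len - src->alloc_size : 0;
}

/* Hardened pattern: require matching value sizes, copy at most the bytes the
 * source owns, and zero the padding so the destination slot never contains
 * memory read from outside the source value. Returns bytes copied, or 0 when
 * the sizes do not match. */
static size_t copy_value_bounded(uint8_t *dst, size_t dst_value_size,
                                 const struct value_buf *src)
{
    if (src->value_size != dst_value_size)
        return 0;
    size_t slot = round_up8(dst_value_size);
    size_t n = src->alloc_size < src->value_size ? src->alloc_size
                                                 : src->value_size;
    memset(dst, 0, slot);
    memcpy(dst, src->data, n);
    return n;
}

/* Constructed sample: a 12-byte value with no 8-byte padding behind it. */
static const uint8_t sample_value[12] = "ABCDEFGHIJKL";

/* Bytes an unconditional rounded-size copy would over-read for the sample. */
static size_t demo_overread(void)
{
    struct value_buf src = { sample_value, sizeof sample_value, 12 };
    return overread_bytes(&src, 12);
}

/* 1 when the bounded copy preserves the value and zero-fills the padding. */
static int demo_bounded_copy_ok(void)
{
    struct value_buf src = { sample_value, sizeof sample_value, 12 };
    uint8_t dst[16];
    memset(dst, 0xAA, sizeof dst);          /* stale bytes must not survive */
    if (copy_value_bounded(dst, 12, &src) != 12)
        return 0;
    if (memcmp(dst, sample_value, 12) != 0)
        return 0;
    for (size_t i = 12; i < sizeof dst; i++)
        if (dst[i] != 0)
            return 0;
    /* a size mismatch between the maps is rejected outright */
    return copy_value_bounded(dst, 16, &src) == 0;
}

int main(void)
{
    printf("unconditional copy over-reads %zu byte(s)\n", demo_overread());
    printf("bounded copy correct: %s\n", demo_bounded_copy_ok() ? "yes" : "no");
    return 0;
}
```

With a 12-byte value the rounded slot is 16 bytes, so the unconditional copy reads 4 bytes past the source allocation; the bounded copy returns the same 12 value bytes and leaves the 4 padding bytes zero.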


How to mitigate CVE-2026-53076

Install the security update from the vendor's repository.

Sources