Improper input validation in Linux kernel - CVE-2026-53039
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in ocfs2_group_add(): when handling the OCFS2_IOC_GROUP_ADD ioctl, the function processes a user-controlled group block before validating it. A local user can supply crafted group-add input to cause a denial of service.
The issue can trigger a kernel BUG in ocfs2_set_new_buffer_uptodate().
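For triage, the following Python function (an added example, not code from the advisory or the kernel) scans kernel log lines for a "kernel BUG at" report whose trace names the two functions mentioned above. The sample log is constructed for illustration; its file path, offsets and timestamps are placeholders, not values from a real crash.

```python
import re

# Function names taken from the advisory text.
MARKERS = ("ocfs2_set_new_buffer_uptodate", "ocfs2_group_add")
BUG_RE = re.compile(r"kernel BUG at ([^\s!]+)")
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")   # leading dmesg timestamp
END_RE = re.compile(r"---\[ end trace")

def find_ocfs2_group_add_bugs(lines, window=60):
    """Return one dict per 'kernel BUG at' report whose following lines
    (up to `window` lines, the end-of-trace marker, or the next report)
    name at least one function in MARKERS."""
    lines = [TS_RE.sub("", l.rstrip("\n")) for l in lines]
    hits = []
    for i, line in enumerate(lines):
        m = BUG_RE.search(line)
        if not m:
            continue
        seen = set()
        for follow in lines[i + 1 : i + 1 + window]:
            if BUG_RE.search(follow):      # a different report begins
                break
            seen.update(name for name in MARKERS if name in follow)
            if END_RE.search(follow):      # this report is complete
                break
        if seen:
            hits.append({"line": i + 1, "location": m.group(1),
                         "functions": sorted(seen)})
    return hits

# Constructed sample: one matching report, one unrelated report.
SAMPLE_LOG = """\
[  812.101010] ------------[ cut here ]------------
[  812.101020] kernel BUG at PLACEHOLDER.c:0!
[  812.101030] RIP: 0010:ocfs2_set_new_buffer_uptodate+0x0/0x0 [ocfs2]
[  812.101040] Call Trace:
[  812.101050]  ocfs2_group_add+0x0/0x0 [ocfs2]
[  812.101060] ---[ end trace 0000000000000000 ]---
[  990.500000] ------------[ cut here ]------------
[  990.500010] kernel BUG at OTHER_PLACEHOLDER.c:0!
[  990.500020] RIP: 0010:unrelated_function+0x0/0x0
[  990.500030] ---[ end trace 0000000000000000 ]---
""".splitlines()

if __name__ == "__main__":
    for hit in find_ocfs2_group_add_bugs(SAMPLE_LOG):
        print(hit)
```
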
How to mitigate CVE-2026-53039
Sources
- https://git.kernel.org/stable/c/22544ddedf381ed5191cfc783aea8d6c936bc201
- https://git.kernel.org/stable/c/6c5e70409c1961fe1278968f038eaaed6cc1145a
- https://git.kernel.org/stable/c/70b672833f4025341c11b22c7f83778a5cd611bc
- https://git.kernel.org/stable/c/76bd722db0a92b84ccd99e03796a0b6f1ae71c31
- https://git.kernel.org/stable/c/aed87e866d1a321edb9703563c2faa8fec89835d
- https://git.kernel.org/stable/c/b9ae3942deec4c9e3fa2070521f90910f7490011
- https://git.kernel.org/stable/c/e7c2cb552e6eb85c0f5aefdd7f0f7c3c8591a6a3
- https://git.kernel.org/stable/c/f7e139d7563f6947ad509fb468903941d0bb7ddd