Race condition in Linux kernel - CVE-2026-53008

 

Race condition in Linux kernel - CVE-2026-53008

Published: June 25, 2026


Vulnerability identifier: #VU135348
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53008
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a race condition leading to a NULL pointer dereference in the ice TX timestamp ring handling when processing transmit operations concurrently with TX timestamp ring cleanup. A local user can trigger concurrent ring cleanup and transmit mapping operations to cause a denial of service.

The issue occurs because one CPU can observe the TXTIME flag as set after the timestamp ring pointer has already been cleared on another CPU.


How to mitigate CVE-2026-53008

Install security update from vendor's repository.

Sources