Time-of-check Time-of-use (TOCTOU) Race Condition in Linux kernel - CVE-2026-53250
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause out-of-bounds memory access.
The vulnerability exists due to a time-of-check time-of-use race condition in xsk_skb_metadata() when processing transmit metadata from a userspace-writable UMEM buffer. A local user can race to overwrite csum_start and csum_offset between validation and assignment to cause out-of-bounds memory access.
The issue occurs during checksum computation in the transmit path.