Information disclosure in Linux kernel - CVE-2026-53219

 

Information disclosure in Linux kernel - CVE-2026-53219

Published: June 26, 2026


Vulnerability identifier: #VU135565
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53219
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper handling of partially failed copy_to_user operations in x_tables get-entries implementations when copying rule entries to userspace. A local user can provide a userspace buffer that faults during the initial header copy to disclose sensitive information.

On SMP kernels, the leaked value is the internal percpu counter allocation pointer. The issue affects the IPv4, IPv6, and ARP native and compat get-entries paths.


How to mitigate CVE-2026-53219

Install security update from vendor's repository.

Sources