Improper access control in Linux kernel - CVE-2026-53188
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to bypass device type validation.
The vulnerability exists due to improper access control in ib_get_ucaps() when handling a file descriptor for a device with a matching dev_t value. A local user can supply a file descriptor for a block device that masquerades as a ucap cdev to bypass device type validation.
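The issue arises because relying only on dev_t is unsafe: character and block devices are numbered in separate namespaces, so a block device can carry the same dev_t as a character device (char/block aliasing).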