Improper control of a resource through its lifetime in Linux kernel - CVE-2026-53191
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper state management in io_uring bundle recv handling in io_uring/net when processing bundle recv retries with provided buffer rings in incremental mode. A local user can trigger partial buffer consumption across retry iterations to cause a denial of service.
Userspace may wrongly advance the ring head past an entry the kernel still uses.