Out-of-bounds write in Linux kernel - CVE-2026-53194
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds write in klsi_105_prepare_write_buffer() when processing writes to the tty device. A local user can write bulk_out_size or more bytes to the tty to cause a denial of service.
The issue is triggered when the write fifo holds at least the full bulk-out buffer size, causing data to be copied starting two bytes into a 64-byte buffer.
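The bounds arithmetic described above, as a user-space model added here for illustration; it is not the kernel driver's code or the upstream patch. The function names, the little-endian length stored in the two reserved bytes, and the sample data are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN       2u   /* payload starts two bytes into the buffer (from the advisory) */
#define BULK_OUT_SIZE 64u  /* 64-byte bulk-out buffer (from the advisory) */

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Bytes written past the end of dest when the payload length is clamped to
 * the full buffer size even though the copy starts at dest + HDR_LEN. */
static size_t overrun_unclamped(size_t fifo_len, size_t size)
{
    size_t end = HDR_LEN + min_sz(fifo_len, size);
    return end > size ? end - size : 0;
}

/* Hardened form: subtract the header room before clamping the payload.
 * Returns total bytes placed in dest (header + payload), 0 if dest is too small.
 * Storing the length little-endian in the header is an assumption of this model. */
static size_t prepare_clamped(uint8_t *dest, size_t size,
                              const uint8_t *fifo, size_t fifo_len)
{
    if (size < HDR_LEN)
        return 0;
    size_t n = min_sz(fifo_len, size - HDR_LEN);
    memcpy(dest + HDR_LEN, fifo, n);
    dest[0] = (uint8_t)(n & 0xff);
    dest[1] = (uint8_t)(n >> 8);
    return n + HDR_LEN;
}

int main(void)
{
    uint8_t fifo[128], dest[BULK_OUT_SIZE + 2]; /* constructed input; last 2 bytes are canaries */
    memset(fifo, 'A', sizeof(fifo));
    memset(dest, 0xEE, sizeof(dest));
    size_t total = prepare_clamped(dest, BULK_OUT_SIZE, fifo, sizeof(fifo));
    printf("unclamped overrun: %zu bytes\n", overrun_unclamped(sizeof(fifo), BULK_OUT_SIZE));
    printf("clamped total: %zu, canaries intact: %d\n", total,
           dest[BULK_OUT_SIZE] == 0xEE && dest[BULK_OUT_SIZE + 1] == 0xEE);
    return 0;
}
```

The canary bytes placed after the 64-byte region stay untouched only because the payload is clamped to the buffer size minus the two reserved bytes.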
How to mitigate CVE-2026-53194
Sources
- https://git.kernel.org/stable/c/0a57320f71941d4e0b1307453c9a1f0939afe666
- https://git.kernel.org/stable/c/14147b7963685957839c76ba8094924e22777d79
- https://git.kernel.org/stable/c/372f33ebed747d91870f57c0a2e62884a870bffa
- https://git.kernel.org/stable/c/60af1fd82983c26604102e63a3fcc822c186cceb
- https://git.kernel.org/stable/c/70d86e355c564b5510fde61361df014f5476c83e
- https://git.kernel.org/stable/c/96d47e40bf9db4a9efd5c8fb53287a508d165f14
- https://git.kernel.org/stable/c/a1288cd700f721c1a119c4f1e8efa234e59caada
- https://git.kernel.org/stable/c/bde742b076cbe26ecc89c8c68c76ae076a524d02