Use of Uninitialized Variable in Linux kernel - CVE-2026-53134
Published: June 26, 2026
Vulnerability identifier: #VU135654
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53134
CWE-ID: CWE-457
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to uninitialized memory exposure in the nft_fib IPv4/IPv6 evaluation logic when processing nftables fib expressions that use the OIFNAME result or an invalid NFTA_FIB_F_PRESENT combination. A local user can configure and trigger a crafted fib expression to disclose sensitive information.
The issue occurs because only part of the declared destination register span is written on certain evaluation paths, leaving stale kernel stack data available to a downstream expression that reads the full register span.
How to mitigate CVE-2026-53134
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/3544210609f6d1db282bbdeca639104ef624c393
- https://git.kernel.org/stable/c/6744e49fe51bfba26522acc2d0e9703cb41d8e50
- https://git.kernel.org/stable/c/84d8f58cf28a0415413f43ba7148f7bacd4c1b6e
- https://git.kernel.org/stable/c/8c84885e9790823828bb8084736ea15769b1ac16
- https://git.kernel.org/stable/c/ab185e0c4fb82dfba6fb86f8271e06f931d9c64c
- https://git.kernel.org/stable/c/d19ddef8c327a4773ff81f8e51027d1e0b4cf069
- https://git.kernel.org/stable/c/eb8a8124484dbc3c2b543e207da39bbccb703d31
- https://git.kernel.org/stable/c/eca18feed38b3377a2ec5d1f22af1170c55d0171