Use of Uninitialized Variable in Linux kernel - CVE-2026-53332
Published: July 2, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to use of uninitialized data in the qcom-ngd-ctrl driver when callbacks are triggered during NGD driver probing before device initialization completes. A local attacker can trigger parallel remoteproc startup or hardware interrupt handling to cause a denial of service.
The issue can prevent affected boards from booting.