CVE-2026-53106

ANALYSIS PENDING

Linux Kernel BPF Local Storage - NMI Deadlock

Title source: manual
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfree_rcu(), call_rcu() or call_rcu_tasks_trace() in NMI or reentrant. Since deleting selem in NMI is an unlikely use case, partially mitigate it by returning error when calling from bpf_xxx_storage_delete() helpers in NMI. Note that, it is still possible to deadlock through reentrant. A full mitigation requires returning error when irqs_disabled() is true, which, however is too heavy-handed for bpf_xxx_storage_delete(). The long-term solution requires _nolock versions of call_rcu. Another possible solution is to defer the free through irq_work [0], but it would grow the size of selem, which is non-ideal. The check is only needed in bpf_selem_unlink(), which is used by helpers and syscalls. bpf_selem_unlink_nofail() is fine as it is called during map and owner tear down that never run in NMI or reentrant. [0] https://lore.kernel.org/bpf/[email protected]/

Scores

EPSS 0.0014
EPSS Percentile 4.2%

Details

Status published
Products (7)
linux/Kernel 5.13.0 - 7.0.10linux
Linux/Linux < 5.13
Linux/Linux 5.13
Linux/Linux 7.0.10 - 7.0.*
Linux/Linux 7.1
Linux/Linux a10787e6d58c24b51e91c19c6d16c5da89fcaa4b - 350de5b8a9befaa2a68861c51f671d4f5f751ca5
Linux/Linux a10787e6d58c24b51e91c19c6d16c5da89fcaa4b - e84acaf936970b5b0be2c93bbf255295ba9406df
Published Jun 24, 2026
Tracked Since Jun 24, 2026