CVE-2026-53243

MEDIUM

rseq: Fix using an uninitialized stack variable in rseq_exit_user_update()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseq_exit_user_update() There is an bug in which an uninitialized stack variable is used in rseq_exit_user_update() as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline] The local variable: struct rseq_ids ids = { .cpu_id = task_cpu(t), .mm_cid = task_mm_cid(t), .node_id = cpu_to_node(ids.cpu_id), }; According to the C standard, the evaluation order of expressions in an initializer list is indeterminately sequenced. The compiler (Clang, in this KMSAN build) evaluates `cpu_to_node(ids.cpu_id)` *before* `ids.cpu_id` is initialized with `task_cpu(t)`. This is fixed by moving the assignment of ids.node_id outside the structure initialization.

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 1.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-908
Status published
Products (6)
linux/Kernel 7.0.10 - 7.0.13linux
Linux/Linux 7.0.10 - 7.0.13
Linux/Linux 82f572449cfe75f12ea985986da60e11f308f77d - 6d99479799c69c3cb588fcda19c81d8f61d64ecd
Linux/Linux d242126fd21ab8f1631fdbc8589e43a9d4229f3b - e12d20a63b61aaf9de4772effccf42cc9a003e58
linux/linux_kernel 7.1 rc3 (4 CPE variants)
linux/linux_kernel 7.0.10 - 7.0.13
Published Jun 25, 2026
Tracked Since Jun 25, 2026