CVE-2026-53321

MEDIUM

io_uring/napi: cap busy_poll_to 10 msec

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional rescheduling done within that loop. Just cap it to 10 msec in total, that's already way above any kind of sane value that will reap any benefits, yet low enough that it's nowhere near being able to trigger preemption complaints.

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 1.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (12)
linux/Kernel 6.19.0 - 7.0.10linux
linux/Kernel 6.9.0 - 6.18.33linux
Linux/Linux < 6.9
Linux/Linux 6.18.33 - 6.18.*
Linux/Linux 6.9
Linux/Linux 7.0.10 - 7.0.*
Linux/Linux 7.1
Linux/Linux 8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5 - 39767f944a8c9e696566c37ad5b20131406c4b8d
Linux/Linux 8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5 - cb3af525f8dfb8930f0c123e5755fa967a12d5c1
Linux/Linux 8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5 - df8599ee18c0e5fe343ffe0b4c379636b8bb839a
... and 2 more
Published Jun 26, 2026
Tracked Since Jun 27, 2026