Skip to main content

Linux Kernel CVE-2026-53021

| EUVDEUVD-2026-38889 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-06-24 Linux GHSA-mw2m-v92w-q9ww
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with low privileges required to issue SCSI UNMAP commands; impact is kernel crash only, no confidentiality or integrity loss.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 15, 2026 - 16:31 vuln.today
CVSS changed
Jul 15, 2026 - 14:22 NVD
5.5 (MEDIUM)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:29 nvd
MEDIUM 5.5
CVE Published
Jun 24, 2026 - 16:29 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Fix integer overflow in UNMAP bounds check

sbc_execute_unmap() checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow.

Add an overflow check matching the pattern already used for WRITE_SAME in the same file.

AnalysisAI

Integer overflow in the Linux kernel SCSI target core allows a local attacker with low privileges to crash the kernel via crafted UNMAP commands. The sbc_execute_unmap() function performs a capacity bounds check on LBA + range but fails to guard against 64-bit wraparound, meaning an attacker can supply values that overflow to bypass the check and trigger a kernel panic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local access to Linux system running SCSI target
Delivery
Craft UNMAP command with LBA+range integer overflow values
Exploit
Submit malicious UNMAP to target_core_sbc subsystem
Execution
Overflow bypasses device capacity bounds check
Impact
Kernel panic triggers system-wide denial of service

Vulnerability AssessmentAI

Exploitation The Linux SCSI target subsystem must be active on the system - specifically, the kernel must be configured and running as an iSCSI target, LIO target, or equivalent SCSI target daemon (e.g., targetcli/rtslib). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, score 5.5) accurately characterizes this as a local, low-complexity denial-of-service with no privilege escalation or data exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with standard user credentials on a Linux system acting as an iSCSI or LIO SCSI target submits a crafted UNMAP command in which the LBA and range fields are chosen so their 64-bit sum overflows to a small value, bypassing the device capacity bounds check in `sbc_execute_unmap()`. The kernel proceeds with an out-of-bounds operation, triggering a kernel panic and bringing down the entire system. …
Remediation The primary fix is to upgrade the Linux kernel to one of the patched stable releases: 5.10.258+, 5.15.209+, 6.1.175+, 6.6.141+, 6.12.91+, 6.18.33+, 7.0.10+, or 7.1+. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53021 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy