Skip to main content

Linux Kernel CVE-2026-53045

| EUVDEUVD-2026-38913 CRITICAL
2026-06-24 Linux GHSA-wxrq-q288-7rhp
9.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
1.9 LOW

Local hardware-bound driver path requiring privileged in-kernel EMC scaling (PR:H, AV:L), race/timing-dependent transition (AC:H); impact is limited memory instability (A:L) with no confidentiality or integrity loss.

3.1 AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
4.0 AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 08:56 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
9.8 (CRITICAL)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:29 cve.org
CRITICAL 9.8
CVE Published
Jun 24, 2026 - 16:29 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

memory: tegra124-emc: Fix dll_change check

The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check.

AnalysisAI

Incorrect DLL-enable logic in the Linux kernel's Tegra124 External Memory Controller (EMC) driver (drivers/memory/tegra/tegra124-emc) caused a reversed check of the EMRS register's A0 bit, which determines whether the memory DLL is enabled (DLL is on when A0 is low). On affected NVIDIA Tegra124 SoC platforms this could mis-program DRAM timing during frequency scaling, leading to memory instability rather than a remotely triggerable compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Run on Tegra124 device
Delivery
Trigger EMC frequency transition
Exploit
Reversed DLL check mis-programs EMRS
Execution
DRAM timing/DLL misconfigured
Impact
Memory instability or corruption

Vulnerability AssessmentAI

Exploitation Requires the affected system to be an NVIDIA Tegra124 SoC running the Linux tegra124-emc driver and to perform an EMC memory-frequency transition that exercises the DLL-enable decision in the EMRS register path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict sharply. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with the ability to run code or influence EMC frequency scaling on a Tegra124-based device could attempt to drive the DRAM through a transition where the DLL is mis-enabled, inducing memory timing corruption or instability. No public proof-of-concept exists, and there is no remote vector; realistically this manifests as a reliability/availability defect on the specific hardware rather than a weaponizable exploit.
Remediation Vendor-released patch: update to a fixed stable kernel - 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, or 7.1 (or later in each series), which correct the reversed DLL check. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all systems running Tegra124 SoCs (embedded devices, mobile platforms) and document their current kernel versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53045 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy