Skip to main content

Linux Kernel CVE-2026-53055

| EUVDEUVD-2026-38923 CRITICAL
2026-06-24 Linux GHSA-22hh-g7wj-354w
9.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.0 HIGH

Local crypto-API access only (AV:L), exploitation needs winning a heavy-load timing race (AC:H), low-priv local use of the driver suffices (PR:L); kernel UAF yields high C/I/A.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 08:59 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
9.8 (CRITICAL)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:30 cve.org
CRITICAL 9.8
CVE Published
Jun 24, 2026 - 16:30 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/sec2 - prevent req used-after-free for sec

During packet transmission, if the system is under heavy load, the hardware might complete processing the packet and free the request memory (req) before the transmission function finishes. If the software subsequently accesses this req, a use-after-free error will occur. The qp_ctx memory exists throughout the packet sending process, so replace the req with the qp_ctx.

AnalysisAI

Use-after-free in the Linux kernel's HiSilicon SEC2 crypto accelerator driver (crypto/hisilicon/sec2) allows local memory corruption when, under heavy load, the hardware completes and frees a request (req) before the software transmission path finishes referencing it. The fix replaces the freed req with the longer-lived qp_ctx pointer. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local access to HiSilicon SEC host
Delivery
Flood SEC2 driver with crypto requests
Exploit
Induce heavy-load completion race
Execution
Hardware frees req mid-transmit
Persist
Dereference dangling req (UAF)
Impact
Corrupt kernel memory for leak or escalation

Vulnerability AssessmentAI

Exploitation Requires the HiSilicon SEC2 crypto driver (drivers/crypto/hisilicon/sec2) to be loaded and active on physical HiSilicon SEC accelerator hardware, plus local access to submit crypto offload work. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals conflict sharply. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user or compromised low-privilege process drives sustained crypto offload requests through the SEC2 driver on a HiSilicon-equipped host; under heavy load the hardware frees a request structure that the send path then dereferences, corrupting kernel memory. With careful heap grooming this use-after-free could be steered toward information disclosure or privilege escalation, though no public PoC exists and exploitation requires winning a timing race.
Remediation Upstream fix available (commits/stable patches); released patched version not independently confirmed beyond the stable references. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Query infrastructure team to identify all systems with HiSilicon SEC2 crypto accelerators and document current Linux kernel versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53055 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy