Skip to main content

Linux Kernel CVE-2026-53077

| EUVDEUVD-2026-38945 HIGH
2026-06-24 Linux GHSA-8q5h-9r4j-rfj7
7.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.1 HIGH

Local, low-priv attacker able to create a netns and use RDS/IB (AV:L/PR:L/AC:L); information disclosure (C:H) and instability/DoS (A:H) per description and tag, with no clear integrity impact (I:N).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:05 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.8 (HIGH)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:30 cve.org
HIGH 7.8
CVE Published
Jun 24, 2026 - 16:30 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net/rds: Restrict use of RDS/IB to the initial network namespace

Prevent using RDS/IB in network namespaces other than the initial one. The existing RDS/IB code will not work properly in non-initial network namespaces.

AnalysisAI

Improper network-namespace isolation in the Linux kernel's net/rds InfiniBand transport (RDS/IB) lets a local user operating in a non-initial network namespace trigger faulty RDS/IB behavior, because the existing code was never written to function correctly outside the initial netns. The upstream fix restricts RDS/IB to the initial network namespace entirely. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege shell
Delivery
Create non-initial network namespace
Exploit
Open RDS/IB socket inside namespace
Execution
Exercise initial-netns-assuming RDS/IB code
Impact
Kernel misbehavior, info disclosure or DoS

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) local access to the host with at least low privileges (PR:L); (2) the RDS subsystem and its InfiniBand backend (rds, rds_rdma/ib modules) loaded and usable, which is not the default on most distributions and typically presupposes RDMA/InfiniBand-capable hardware or emulation; and (3) the attacker exercising RDS/IB from a NON-INITIAL network namespace - the bug does not manifest in the initial netns. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and lean toward modest real-world risk despite the 7.8 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user (or a process inside a container) with permission to create a network namespace loads or uses the RDS/IB socket family and opens RDS sockets from within that non-initial namespace, driving the kernel through code paths that assume the initial netns. Given AV:L/AC:L, this can be done reliably from a local shell with low privileges, resulting in kernel instability or disclosure of initial-namespace state to the secondary namespace. …
Remediation Apply the vendor kernel update for your stable series - Vendor-released patch: upgrade to 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, or 7.0.10/7.1 or later as appropriate for your tree (commits at https://git.kernel.org/stable/c/fb407343c0c16e94584707b2dfdd350a5f81b000 and the related stable hashes such as https://git.kernel.org/stable/c/c244b79adffad89a5173cf8bfaa06a6b40bbd09b). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify systems running Linux kernel with active RDS/IB support and audit container host configurations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53077 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy