Skip to main content

Linux Kernel CVE-2026-53279

| EUVDEUVD-2026-39884 MEDIUM
2026-06-26 Linux GHSA-jqmf-8mg5-g38p
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

AC:H reflects the prerequisite of specific retired hardware and a specific init failure condition; all other metrics match the local, low-privilege, availability-only impact profile.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 04:20 vuln.today
CVSS changed
Jul 08, 2026 - 04:07 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:40 nvd
MEDIUM 5.5
CVE Published
Jun 26, 2026 - 19:40 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

drm/gma500/oaktrail_lvds: fix hang on init failure

The LVDS init code looks up an I2C adapter using i2c_get_adapter() and tries to read the EDID before falling back to allocating and registering its own adapter.

The error handling does not separate these cases so on a late init failure it will try to deregister and free also an adapter that had previously been registered. Since i2c_get_adapter() takes another reference to the adapter, deregistration hangs indefinitely while waiting for the reference to be released.

Fix this by only destroying adapters allocated during LVDS init on errors.

AnalysisAI

Indefinite kernel hang in the Linux kernel's drm/gma500 Oaktrail LVDS display initialization code can be triggered locally on systems with Intel GMA 500/Oaktrail graphics hardware, causing a denial of service requiring a hard reboot. The defect lies in error handling that incorrectly attempts to deregister an I2C adapter obtained via i2c_get_adapter() - which only increments a reference count - rather than restricting cleanup to adapters the driver itself allocated. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local shell access on Oaktrail/GMA500 system
Delivery
Trigger gma500_gfx LVDS init failure after I2C adapter lookup
Exploit
Error handler calls i2c_del_adapter() on borrowed adapter
Execution
Kernel hangs indefinitely on reference wait
Impact
System denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) local access with at least low-privilege credentials (PR:L per CVSS); (2) the target system must be equipped with an Intel GMA 500 (Poulsbo) or Oaktrail integrated graphics chipset running the gma500_gfx kernel module - this hardware is found exclusively in older Atom-based netbooks and embedded systems from approximately 2008-2012; (3) the LVDS initialization error path must be triggered, specifically a late init failure occurring after i2c_get_adapter() has already returned a reference. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately captures a local, low-privilege denial-of-service with no confidentiality or integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with low-privilege shell access on a legacy Atom-based system (e.g., a netbook or embedded device) running the Intel GMA 500/Oaktrail graphics driver encounters or induces conditions that cause the LVDS display initialization to fail after i2c_get_adapter() has already been called. The kernel's error handling then calls i2c_del_adapter() on the externally-referenced adapter, which blocks indefinitely waiting for the borrowed reference to be released, hanging the kernel and requiring a hard reboot to recover.
Remediation The primary fix is to upgrade the Linux kernel to a patched stable release: 7.1, 7.0.10, 6.18.33, 6.1.175, 6.6.141, or 6.12.91. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53279 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy