Skip to main content

Linux Kernel CVE-2026-53301

| EUVDEUVD-2026-39836 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-26 Linux GHSA-5gv9-wqv9-xfxq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

AV:L because hardware-local access is required; PR:L for minimum user session; A:H for kernel panic; C:N and I:N as no data exposure or modification occurs.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 20:55 vuln.today
CVSS changed
Jul 06, 2026 - 20:37 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:40 nvd
MEDIUM 5.5
CVE Published
Jun 26, 2026 - 19:40 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

reset: amlogic: t7: Fix null reset ops

Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet.

AnalysisAI

Null pointer dereference in the Amlogic T7 SoC reset driver crashes the Linux kernel when uninitialized reset operation callbacks are invoked, causing a full system denial of service. Local low-privilege users on systems physically equipped with an Amlogic T7 SoC are affected across kernel versions from the introduction commit through the patched releases 6.18.33, 7.0.10, and 7.1. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local shell on Amlogic T7 system
Delivery
Trigger kernel path invoking T7 reset driver
Exploit
Dereference NULL reset_ops pointer
Execution
Kernel panic
Impact
System denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) the target system must use Amlogic T7 SoC hardware - no other platform is affected; (2) the attacker must have local access with at least low-privilege credentials (PR:L per CVSS vector); (3) a kernel code path that invokes the T7 reset driver's ops must be triggered, which the upstream maintainer notes is not yet exercised in current usage. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H correctly reflects a local, low-privilege, availability-only impact with no confidentiality or integrity consequence - a kernel crash rather than a security compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with a standard shell session on an embedded or set-top device powered by an Amlogic T7 SoC triggers a kernel code path that invokes the T7 reset controller, dereferencing the uninitialized NULL reset_ops pointer and inducing an immediate kernel panic. The system crashes and becomes unavailable until rebooted, constituting a denial of service. …
Remediation Upgrade to a patched kernel version: 6.18.33 or later in the 6.18.x series, 7.0.10 or later in the 7.0.x series, or kernel 7.1 or later for mainline. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53301 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy