Skip to main content

Linux Kernel CVE-2026-53309

| EUVDEUVD-2026-39844 CRITICAL
Off-by-one Error (CWE-193)
2026-06-26 Linux GHSA-cjh6-575g-258g
9.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
3.3 LOW

Reachable only via OCFS2 DLM cluster negotiation from a trusted peer (PR:H, AC:H); impact limited to a one-entry out-of-bounds read causing minor info leak (C:L) or instability (A:L).

3.1 AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L
4.0 AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:55 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
9.8 (CRITICAL)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:41 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 26, 2026 - 19:41 cve.org
CRITICAL 9.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same function correctly use '<'.

Fix the loop condition to use '<' for consistency and correctness.

AnalysisAI

Out-of-bounds read in the Linux kernel's OCFS2 cluster filesystem DLM (Distributed Lock Manager) stems from an off-by-one error in dlm_match_regions(), where the local-vs-remote region comparison loop uses '<=' instead of '<' and reads one entry past the valid range of the qr_regions array. It affects systems running the OCFS2 shared-disk cluster filesystem and is reachable when nodes negotiate heartbeat/region membership; the upstream tag classifies it as Information Disclosure rather than code execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Join or compromise OCFS2 cluster node
Delivery
Craft malformed qr_regions list
Exploit
Send during DLM region negotiation
Execution
Trigger off-by-one OOB read on peer
Impact
Leak adjacent kernel memory or crash node

Vulnerability AssessmentAI

Exploitation Exploitation requires the target host to be running the OCFS2 clustered filesystem with its in-kernel DLM active and participating in cluster region/heartbeat negotiation - the vulnerable dlm_match_regions() path is not reached on systems without OCFS2 in use. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals conflict sharply. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls or has compromised a node in an OCFS2 cluster crafts a region descriptor list that drives dlm_match_regions() on a peer node to compare one element past the end of the qr_regions array, causing an out-of-bounds read of adjacent kernel memory that may leak a small amount of information or destabilize the node. No public exploit is identified at time of analysis, and the practical attack complexity is high because cluster membership and crafted DLM negotiation traffic are required.
Remediation Vendor-released patch: upgrade to a fixed stable kernel - 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, or 7.1 (pick the patch level matching your stable series), then reboot or apply via livepatch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all systems running the OCFS2 cluster filesystem; assess the sensitivity classification of data stored in shared-disk clusters. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53309 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy