Skip to main content

Linux Kernel CVE-2026-53310

| EUVDEUVD-2026-39845 MEDIUM
2026-06-26 Linux GHSA-fpxp-9g9j-vhm7
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with low privileges required; only kernel availability impacted via page fault crash; no confidentiality or integrity impact confirmed.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 20:33 vuln.today
CVSS changed
Jul 06, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:41 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 26, 2026 - 19:41 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

soc/tegra: cbb: Fix cross-fabric target timeout lookup

When a fabric receives an error interrupt, the error may have occurred on a different fabric. The target timeout lookup was using the wrong base address (cbb->regs) with offsets from a different fabric's target map, causing a kernel page fault.

Unable to handle kernel paging request at virtual address ffff80000954cc00 pc : tegra234_cbb_get_tmo_slv+0xc/0x28 Call trace: tegra234_cbb_get_tmo_slv+0xc/0x28 print_err_notifier+0x6c0/0x7d0 tegra234_cbb_isr+0xe4/0x1b4

Add tegra234_cbb_get_fabric() to look up the correct fabric device using fab_id, and use its base address for accessing target timeout registers.

AnalysisAI

Kernel page fault in the Linux kernel's Tegra234 Control Backbone (CBB) driver crashes affected NVIDIA Tegra234-based systems when a cross-fabric error interrupt triggers incorrect register address resolution. The tegra234_cbb_get_tmo_slv() function uses the receiving fabric's base address (cbb->regs) with register offsets derived from a different fabric's target map, producing an invalid virtual address dereference (ffff80000954cc00) and a kernel panic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privilege access to Tegra234 system
Delivery
Trigger or await cross-fabric CBB error interrupt
Exploit
Driver resolves wrong fabric base address
Execution
Kernel dereferences invalid virtual address ffff80000954cc00
Impact
Kernel page fault causes system crash (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) physical hardware running an NVIDIA Tegra234 SoC (Jetson AGX Orin or Drive AGX Orin - x86 and non-Tegra ARM systems are entirely unaffected); (2) an affected Linux kernel version (introduced at commit 25de5c8fe080, unfixed prior to 6.18.33/7.0.10/7.1); (3) local authenticated access with at minimum low-privilege credentials (PR:L per CVSS vector - remote exploitation is not possible, AV:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 3.1 scores this 5.5 Medium (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), reflecting a local denial-of-service with no confidentiality or integrity impact - consistent with the observable kernel page fault outcome. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local low-privilege user on a Jetson AGX Orin or Drive AGX Orin system running an unpatched kernel induces or waits for a cross-fabric Control Backbone error interrupt - arising from an interconnect fault or deliberately induced hardware stress. When the interrupt fires, the CBB ISR calls `tegra234_cbb_get_tmo_slv` with the wrong fabric base address, dereferencing virtual address `ffff80000954cc00`, triggering a kernel page fault and system crash. …
Remediation Upgrade the kernel to a patched stable release: Linux 6.18.33, 7.0.10, or 7.1, all of which incorporate the corrective commits available at https://git.kernel.org/stable/. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53310 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy