Skip to main content

Linux Kernel CVE-2026-53321

| EUVDEUVD-2026-39856 MEDIUM
2026-06-26 Linux GHSA-g22f-3wv9-pgvj
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access required to invoke io_uring NAPI; low privilege sufficient; purely availability impact via CPU starvation; no confidentiality or integrity consequence.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 20:48 vuln.today
CVSS changed
Jul 06, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:41 nvd
MEDIUM 5.5
CVE Published
Jun 26, 2026 - 19:41 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

io_uring/napi: cap busy_poll_to 10 msec

Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional rescheduling done within that loop.

Just cap it to 10 msec in total, that's already way above any kind of sane value that will reap any benefits, yet low enough that it's nowhere near being able to trigger preemption complaints.

AnalysisAI

Unbounded NAPI busy-poll loop in the Linux kernel's io_uring subsystem allows a low-privileged local process to spin the kernel indefinitely when no I/O events arrive, triggering soft lockup watchdog complaints and degrading system availability. Affected kernels are those at or after commit 8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5 (introducing NAPI support in io_uring, Linux 6.9) through the patched stable releases 6.18.33, 7.0.10, and 7.1. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local user account
Delivery
Open io_uring instance with NAPI registration
Exploit
Set extreme busy_poll_to timeout value
Execution
Submit I/O on idle socket with no incoming events
Persist
Kernel NAPI loop spins indefinitely without rescheduling
Impact
Soft lockup watchdog fires, system availability degraded

Vulnerability AssessmentAI

Exploitation Exploitation requires a local account with at minimum standard user privileges (PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately characterizes the attack surface: exploitation is strictly local, requiring at minimum a low-privileged shell account and a kernel with io_uring NAPI compiled in. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker with a standard user account opens an io_uring instance, registers a NAPI configuration via IORING_REGISTER_NAPI with an extremely large busy_poll_to value (e.g., UINT_MAX microseconds), and submits network-bound operations on a quiet socket producing no events. The kernel NAPI poll loop spins without yielding, starving other tasks and triggering soft lockup watchdog messages - potentially hanging the affected CPU core and degrading overall system availability. …
Remediation The primary fix is to upgrade to Linux kernel 6.18.33, 7.0.10, or 7.1, each of which enforces a 10-millisecond hard cap on the io_uring NAPI busy_poll_to value. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53321 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy