Skip to main content

Linux Kernel EUVDEUVD-2026-38978

| CVE-2026-53110 HIGH
2026-06-24 Linux GHSA-j2v8-v4c8-53mp
7.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local s390x host with BPF-load capability gives PR:L/AV:L; crafting the triggering program is straightforward (AC:L); JIT miscompilation can disclose kernel memory and corrupt kernel state, so C/I/A:H.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:12 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.8 (HIGH)
Patch available
Jun 24, 2026 - 18:02 EUVD
CVE Published
Jun 24, 2026 - 16:30 cve.org
HIGH 7.8
CVE Published
Jun 24, 2026 - 16:30 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

s390/bpf: Zero-extend bpf prog return values and kfunc arguments

s390x ABI requires callers to zero-extend unsigned arguments and sign-extend signed arguments, and callees to zero-extend unsigned return values and sign-extend signed return values.

s390 BPF JIT currently implements only sign extension. Fix this omission and implement zero extension too.

AnalysisAI

Memory-safety and information-disclosure risk in the Linux kernel s390 (IBM Z) eBPF JIT compiler stems from incomplete ABI compliance: the JIT sign-extended values but never zero-extended unsigned BPF program return values and kfunc arguments as the s390x calling convention requires. On s390x hosts, a local user able to load BPF programs can cause the JIT to emit code that leaves stale upper register bits, producing incorrect computation that can leak kernel data or corrupt execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local access on s390x host
Delivery
Load crafted BPF program or invoke kfunc
Exploit
JIT skips required zero-extension
Execution
Read stale upper register bits
Impact
Leak kernel memory or corrupt computation

Vulnerability AssessmentAI

Exploitation Exploitation requires a local foothold on an IBM Z / s390x system running an affected Linux kernel with the eBPF JIT enabled (net.core.bpf_jit_enable), and the ability to load a BPF program or trigger a kfunc whose unsigned return value or arguments traverse the missing zero-extension path - i.e. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderately consistent but point to a low-to-moderate real-world priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario On an s390x Linux host where unprivileged or container-confined users can load BPF programs, an attacker crafts a BPF program (or invokes a kfunc) whose unsigned return value or argument relies on the high register bits being cleared; because the JIT omits zero-extension, stale kernel data remains in those bits and is read back into the program, leaking kernel memory contents or steering subsequent logic incorrectly. No public exploit is identified at time of analysis, and the local, low-complexity vector means a foothold with BPF-load capability is the main prerequisite.
Remediation Vendor-released patch: update to a fixed stable kernel - 6.6.141, 6.12.91, 6.18.33, 7.0.10 or 7.1, or apply the corresponding distribution backport, then reboot so the patched s390 BPF JIT takes effect; the upstream fixes are the kernel.org stable commits edc90a12073b, 44c4f999b03f, 366b0e05ee24, 834918a77be5 and 202e42e4aa89 (advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-53110). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all IBM Z systems and identify kernel versions affected by CVE-2026-53110. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38978 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy