TOCTOU Vulnerability in Linux Kernel Affecting Memory-Mapped Buffers
CVE-2026-53250

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-53250?

A vulnerability has been identified in the Linux kernel that allows attackers to exploit race conditions when accessing the TX metadata area in memory-mapped buffers. This issue stems from the way variables are referenced in the xsk_skb_metadata() function, permitting a malicious userspace application to overwrite these values between necessary reads. Consequently, this results in bypassing critical bounds checks and may lead to out-of-bounds memory access during checksum computations within the transmit pathway. A solution has been implemented to mitigate this risk by ensuring local caching of these values, thereby maintaining data consistency and preventing security breaches.

Affected Version(s)

Linux 48eb03dd26304c24f03bdbb9382e89c8564e71df < 0dfe05b938435892875e07771170051346412df9

Linux 48eb03dd26304c24f03bdbb9382e89c8564e71df

Linux 48eb03dd26304c24f03bdbb9382e89c8564e71df < 22ba97ea9cc1f63a0d0244fae38057ed452b6ac7

References

https://git.kernel.org/stable/c/0dfe05b938435892875e07771...

https://git.kernel.org/stable/c/bfdfd2706d5fb2cd496a1506e...

https://git.kernel.org/stable/c/22ba97ea9cc1f63a0d0244fae...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53250 Data

JSON