Linux Kernel Vulnerability in Request Socket Handling by Google
CVE-2026-53260
Currently unrated
What is CVE-2026-53260?
A vulnerability has been identified in the Linux kernel's request socket handling that may allow reference count underflows. The issue arises when the reqsk_queue_hash_req() function is preempted after modifying a timer, which results in improper reference counting. This can lead to unexpected behavior in socket management during network operations, particularly under high traffic or specific timing conditions. Mitigation involves adding preempt_disable_nested() and preempt_enable_nested() calls to ensure the proper order of operations and prevent the vulnerability from being exploited.
Affected Version(s)
Linux d2d6422f8bd17c6bb205133e290625a564194496
Linux 6.12