Linux Kernel Vulnerability in IPVS Service Scheduler
CVE-2026-53270
What is CVE-2026-53270?
A vulnerability in the Linux kernel's IPVS module arises from improper handling of a service's scheduler pointer while the scheduler is being updated. When the old scheduler is unbound, the pointer to it is cleared only after the RCU callbacks have been invoked, so packets can still be processed using the outdated scheduler. The fix clears the scheduler pointer early in the unbind process, minimizing the risk of using freed data. It also restores the previous scheduler if initialization of the new scheduler fails, enhancing stability and functionality.
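The ordering problem and the rollback described above, as an added illustration that is not kernel code and not part of the advisory. It is a single-threaded userspace C model: every struct and function name is hypothetical, and a flag stands in for the release of scheduler state by RCU callbacks.

```c
#include <stdbool.h>
#include <stddef.h>
/* Userspace model; all names are hypothetical, not kernel identifiers. */
struct sched { const char *name; bool init_ok; };
struct svc {
    const struct sched *sched; /* pointer the packet path reads */
    bool data_live;            /* false once scheduler state is released */
    int stale_uses;            /* packets that used released state */
};
/* Packet path: uses scheduler state whenever a scheduler is still set. */
static void packet(struct svc *s) {
    if (s->sched && !s->data_live)
        s->stale_uses++;       /* in real code: a use of freed data */
}
/* Stands in for the deferred callbacks that release scheduler state. */
static void release_state(struct svc *s) { s->data_live = false; }
/* Ordering the advisory describes as vulnerable: pointer cleared last. */
static void unbind_late_clear(struct svc *s) {
    release_state(s);
    packet(s);                 /* constructed: packet lands in the window */
    s->sched = NULL;
}
/* Ordering the advisory describes as the fix: pointer cleared first. */
static void unbind_early_clear(struct svc *s) {
    s->sched = NULL;
    packet(s);                 /* same arrival now sees NULL */
    release_state(s);
}
static int bind_sched(struct svc *s, const struct sched *n) {
    if (!n->init_ok) return -1; /* scheduler initialisation failed */
    s->data_live = true;        /* state is ready before it is published */
    s->sched = n;
    return 0;
}
/* Swap schedulers; if the new one fails to initialise, restore the old. */
static int update_sched(struct svc *s, const struct sched *n) {
    const struct sched *old = s->sched;
    if (old) unbind_early_clear(s);
    if (bind_sched(s, n) == 0) return 0;
    if (old) bind_sched(s, old); /* roll back so the service keeps a scheduler */
    return -1;
}
int main(void) {
    struct sched a = {"a", true}, bad = {"bad", false}; /* constructed */
    struct svc v = {0}, f = {0};
    bind_sched(&v, &a); unbind_late_clear(&v);  /* v.stale_uses becomes 1 */
    bind_sched(&f, &a); update_sched(&f, &bad); /* f.sched restored to &a */
    return !(v.stale_uses == 1 && f.sched == &a);
}
```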
Affected Version(s)
Linux 05f00505a89acd21f5d0d20f5797dfbc4cf85243
Linux 05f00505a89acd21f5d0d20f5797dfbc4cf85243 < 7d4f5004511757e3984901ffb412fcf858d80ed5