Local Denial of Service Vulnerability in Linux Kernel Affecting Socket Operations
CVE-2026-53274

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 June 2026

What is CVE-2026-53274?

A logic flaw in the Linux kernel's __smc_setsockopt() function can let a local unprivileged user trigger a Denial of Service (DoS). This issue arises when a socket lock is held indefinitely due to the function calling copy_from_sockptr() while the lock is in effect. By using a userfaultfd-monitored memory page or FUSE-backed memory, an attacker can pause the execution of the copy operation, keeping the lock locked. When combined with other asynchronous operations, such as shutdown(), this can exhaust the kernel worker queues, resulting in the hung task watchdog being triggered and a potential DoS situation.

Affected Version(s)

Linux a6a6fe27bab48f0d09a64b051e7bde432fcae081 < 35a22117839602bb52283de08894c5a7dde92420

Linux a6a6fe27bab48f0d09a64b051e7bde432fcae081 < 5d27d2ffe487df89ce28fda0410eafa05dbe03a0

Linux a6a6fe27bab48f0d09a64b051e7bde432fcae081 < 89f6fbe0033c942cb790ffd53ca93a45eeaf1c91

References

https://git.kernel.org/stable/c/35a22117839602bb52283de08...

https://git.kernel.org/stable/c/5d27d2ffe487df89ce28fda04...

https://git.kernel.org/stable/c/89f6fbe0033c942cb790ffd53...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53274 Data

JSON