Memory Dereference Vulnerability in Linux Kernel Mailbox Controllers
CVE-2026-53295

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 June 2026

What is CVE-2026-53295?

A vulnerability exists in the Linux kernel concerning mailbox controllers. This issue arises when there is an absence of a channel array, which can lead to a failure during operation. If the kernel attempts to dereference a non-existent array, it could cause operational faults (OOPS) that might not be readily observable, particularly if the mailbox is instantiated early in the boot process. The fix introduces a sanity check that prevents operations on an absent channel array, improving system stability.

Affected Version(s)

Linux 2b6d83e2b8b7de82331a6a1dcd64b51020a6031c < 5cc3300fab262b26c28bc2fc06df693410c3840b

Linux 2b6d83e2b8b7de82331a6a1dcd64b51020a6031c < 0f11444271110d9b5bc6316a153c6431abda899c

Linux 2b6d83e2b8b7de82331a6a1dcd64b51020a6031c

References

https://git.kernel.org/stable/c/5cc3300fab262b26c28bc2fc0...

https://git.kernel.org/stable/c/0f11444271110d9b5bc6316a1...

https://git.kernel.org/stable/c/d44872a569b8fbacde457ff25...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53295 Data

JSON