User Space ACR Mask Validation Issue in Linux Kernel by Linux Foundation
CVE-2026-53370

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
19 July 2026

What is CVE-2026-53370?

The Linux Kernel has a validation issue concerning user space ACR masks, particularly in handling configuration. Specifically, the vulnerability allows improper validation of the user space ACR mask (attr.config2), where indices from different ACR event groups may be accepted without adequate checks. An erroneous early termination in processing invalid ACR masks can lead to skipping essential configurations, while previous hardware ACR masks are not cleared before establishing new settings. The resolution introduces enhanced validation by dropping invalid bits from the user-space mask and clearing stale hardware configurations, ensuring a more reliable setup. Although theoretically a non-leader event in an ACR group could cause bit-shifting issues, practical usage scenarios highly rely on all events being active, minimizing this risk.

Affected Version(s)

Linux ec980e4facef8110f6fce27e5b6344660117f01f

Linux ec980e4facef8110f6fce27e5b6344660117f01f

Linux ec980e4facef8110f6fce27e5b6344660117f01f < 5ad732a56be46aabf158c16aa0c095291727aaef

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.