PatchSiren cyber security CVE debrief
CVE-2026-53134 Linux CVE debrief
CVE-2026-53134 is a vulnerability in the Linux kernel's netfilter: nft_fib component. The vulnerability arises from a stale stack leak via the OIFNAME register. When the destination register is declared with a length of IFNAMSIZ (four 32-bit registers) for NFT_FIB_RESULT_OIFNAME, but on the lookup-fail, RTN_LOCAL, and oif-mismatch paths, nft_fib{4,6}_eval() only writes one register via '*dest = 0'. This leaves the remaining three registers with whatever was on the stack in nft_do_chain()'s struct nft_regs. A downstream expression that loads the register span can leak that uninitialised kernel stack to userspace. The issue also involves the NFTA_FIB_F_PRESENT existence check, which was accepted for any result type despite being meaningful only for NFT_FIB_RESULT_OIF. The eval stores a single byte via nft_reg_store8(), leaving the rest of the declared span stale. The fix involves replacing the bare '*dest = 0' in the eval with nft_fib_store_result(), which strscpy_pad()s the whole IFNAMSIZ for OIFNAME, and restricting NFTA_FIB_F_PRESENT to NFT_FIB_RESULT_OIF, declaring its destination as a single u8.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-25
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-06-25
- Advisory updated
- 2026-06-30
Who should care
Linux kernel users and administrators should be aware of this vulnerability, as it could potentially allow attackers to leak uninitialised kernel stack data. System administrators and security teams responsible for Linux-based systems should assess their exposure and take necessary mitigation steps.
Technical summary
The vulnerability is located in the netfilter: nft_fib component of the Linux kernel. It involves a stale stack leak due to insufficient initialisation of registers in the nft_fib{4,6}_eval() function. The issue arises when handling NFT_FIB_RESULT_OIFNAME and NFTA_FIB_F_PRESENT. Attackers could potentially exploit this to leak kernel stack data. Fixes involve updating the eval function and restricting NFTA_FIB_F_PRESENT.
Defensive priority
This vulnerability should be prioritised for patching due to its potential impact on system security. Linux administrators should apply patches as soon as possible to mitigate the risk of kernel stack data leakage.
Recommended defensive actions
- Apply the official patches provided by the Linux kernel maintainers.
- Review and update Linux kernel configurations to ensure nft_fib is properly secured.
- Monitor system logs for potential exploitation attempts.
- Consider implementing additional security measures such as SELinux or AppArmor to enhance system protection.
- Perform regular vulnerability assessments and patch management.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability. Multiple source references from the Linux kernel Git repository confirm the issue and its fixes. The source item URL from NVD provides additional context.
Official resources
-
CVE-2026-53134 CVE record
CVE.org
-
CVE-2026-53134 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
This article is AI-assisted and based on the supplied source corpus.