PatchSiren cyber security CVE debrief
CVE-2026-53165 Linux CVE debrief
A vulnerability in the Linux kernel has been resolved, which could lead to a null pointer dereference during error reporting. The vulnerability occurs when a buffered read fails, and the error is reported with fserror_report_io(). This function is called after ifs->read_bytes_pending has been decremented by the bytes attempted to be read. For a folio split across multiple read completions, the folio is only guaranteed to stay locked while read_bytes_pending > 0. Once iomap_finish_folio_read() decrements read_bytes_pending, another in-flight read can complete and end the read on the folio, which unlocks it. This allows truncate logic to run and detach the folio (set folio->mapping to NULL). The error reporting path then can dereference a NULL folio->mapping.
- Vendor: Linux
- Product: Unknown
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-25
- Original CVE updated: 2026-06-28
- Advisory published: 2026-06-25
- Advisory updated: 2026-06-28
Who should care
Linux kernel users and administrators should be aware of this vulnerability, which carries a CVSS score of 7.5 and a HIGH severity rating. Anyone running an affected kernel version should apply the relevant patches to prevent exploitation.
Technical summary
The vulnerability occurs in iomap_finish_folio_read(), which reports read errors with fserror_report_io(). fserror_report_io() is called only after ifs->read_bytes_pending has been decremented, so if that decrement lets another in-flight read end the folio read and unlock the folio, truncate can detach the folio and the error path dereferences a NULL folio->mapping. The vulnerability can be exploited by an attacker to cause a denial-of-service (DoS) or potentially execute arbitrary code.
Defensive priority
High priority should be given to applying patches to fix this vulnerability. Linux kernel users and administrators should monitor their systems for any suspicious activity and apply the necessary patches as soon as possible.
Recommended defensive actions
- Apply the necessary patches to fix the vulnerability
- Monitor systems for suspicious activity
- Review and update Linux kernel configurations to prevent exploitation
- Implement compensating controls to detect and prevent similar vulnerabilities
- Perform regular vulnerability scans and penetration testing to identify potential weaknesses
Evidence notes
The vulnerability was reported by Sam Sun and was resolved by reporting the error first before decrementing ifs->read_bytes_pending. The CVE record and NVD detail provide additional information about the vulnerability.
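To make the ordering described in the technical summary and the fix described above concrete, here is a simplified user-space model of the race; it is an added example, not code from the kernel or the advisory. The structs and helper names (finish_read_vulnerable, finish_read_fixed, other_read_completes, run_scenario) are assumptions that only loosely mirror iomap_finish_folio_read(), and the two-read, one-folio scenario is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
/* Simplified user-space model of the ordering bug in the advisory. This is an
 * added example, not kernel code; struct layouts and helper names are
 * assumptions that only mirror the advisory's terms. */
struct mapping { const char *name; };
struct folio { struct mapping *mapping; };  /* NULL once truncate detaches it */
struct ifs {                                /* per-folio iomap read state */
    struct folio *folio;
    int read_bytes_pending;                 /* folio stays locked while > 0 */
};
/* Models the other in-flight read completing on the same folio: when the count
 * hits zero the read ends, the folio is unlocked, and truncate may detach it. */
static void other_read_completes(struct ifs *ifs, int bytes)
{
    ifs->read_bytes_pending -= bytes;
    if (ifs->read_bytes_pending == 0)
        ifs->folio->mapping = NULL;         /* truncate ran: folio detached */
}
/* Stand-in for fserror_report_io(): returns true if it would have dereferenced
 * a NULL folio->mapping, which is a kernel oops in the real code. */
static bool report_io_error(const struct folio *folio)
{
    return folio->mapping == NULL;
}
/* Vulnerable ordering: decrement first, report second. */
bool finish_read_vulnerable(struct ifs *ifs, int bytes)
{
    ifs->read_bytes_pending -= bytes;       /* folio no longer guaranteed locked */
    other_read_completes(ifs, bytes);       /* race window: folio gets detached */
    return report_io_error(ifs->folio);     /* dereferences NULL mapping */
}
/* Fixed ordering: report while read_bytes_pending still pins the folio. */
bool finish_read_fixed(struct ifs *ifs, int bytes)
{
    bool oops = report_io_error(ifs->folio); /* mapping still valid here */
    ifs->read_bytes_pending -= bytes;
    other_read_completes(ifs, bytes);
    return oops;
}
/* One folio split across two 4 KiB reads, the first failing with an I/O error
 * (constructed input); returns true if the error path hit a NULL mapping. */
bool run_scenario(bool fixed)
{
    struct mapping m = { "inode-42" };
    struct folio f = { &m };
    struct ifs s = { &f, 2 * 4096 };
    return fixed ? finish_read_fixed(&s, 4096) : finish_read_vulnerable(&s, 4096);
}
```

The model only shows why the decrement must come after the report; the real kernel code also has to keep the folio locked for the whole error path, which the patch achieves by the same reordering.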
Official resources
- CVE-2026-53165 CVE record (CVE.org)
- CVE-2026-53165 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
This article was generated with AI assistance and is based on the supplied source corpus.