CVE-2026-53106
Received Received - Intake
Denial of Service in Linux Kernel BPF Local Storage

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfree_rcu(), call_rcu() or call_rcu_tasks_trace() in NMI or reentrant. Since deleting selem in NMI is an unlikely use case, partially mitigate it by returning error when calling from bpf_xxx_storage_delete() helpers in NMI. Note that, it is still possible to deadlock through reentrant. A full mitigation requires returning error when irqs_disabled() is true, which, however is too heavy-handed for bpf_xxx_storage_delete(). The long-term solution requires _nolock versions of call_rcu. Another possible solution is to defer the free through irq_work [0], but it would grow the size of selem, which is non-ideal. The check is only needed in bpf_selem_unlink(), which is used by helpers and syscalls. bpf_selem_unlink_nofail() is fine as it is called during map and owner tear down that never run in NMI or reentrant. [0] https://lore.kernel.org/bpf/[email protected]/
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-53106
EUVD
EUVD-2026-38974
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's BPF (Berkeley Packet Filter) subsystem related to local storage management during Non-Maskable Interrupts (NMI). Specifically, deleting local storage in NMI can cause a deadlock when freeing certain elements (selem) using deferred freeing mechanisms like kfree_rcu(), call_rcu(), or call_rcu_tasks_trace().

The vulnerability arises because deleting local storage in NMI or reentrant contexts is not properly handled, leading to potential deadlocks. The current mitigation is to return an error when attempting to delete local storage from BPF storage delete helpers during NMI, although some deadlock risk remains in reentrant cases.

A full fix would require more extensive changes such as implementing _nolock versions of call_rcu or deferring freeing through irq_work, but these solutions have trade-offs like increased memory usage.

Impact Analysis

This vulnerability can cause the Linux kernel to deadlock when local storage is deleted during Non-Maskable Interrupts or reentrant calls in the BPF subsystem. Such deadlocks can lead to system hangs or degraded performance, potentially impacting system stability and availability.

Mitigation Strategies

The vulnerability is mitigated by the Linux kernel returning an error when attempting to delete local storage in NMI (Non-Maskable Interrupt) context via bpf_xxx_storage_delete() helpers.

Immediate steps include updating your Linux kernel to a version that includes this fix, as the issue is resolved by preventing deletion of local storage in NMI and partially mitigating deadlocks.

A full mitigation requires more extensive changes that are not currently implemented, so applying the updated kernel is the recommended action.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53106. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart