CVE-2026-53211
Received - Intake
BaseFortify

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register

NFT_META_BRI_IIFHWADDR declares its destination register with len = ETH_ALEN (6 bytes), which the register-init tracking rounds up to two 32-bit registers (8 bytes). nft_meta_bridge_get_eval() then does memcpy(dest, br_dev->dev_addr, ETH_ALEN), writing only 6 bytes and leaving the upper 2 bytes of the second register as uninitialised nft_do_chain() stack. A downstream load of that register span leaks those stale bytes to userspace.

Zero the second register before the memcpy so the full declared span is written.
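The following userspace model of the behaviour described above is an added example, not the kernel source or the upstream patch. The helper names (regs_for_len, eval_before_fix, eval_after_fix, stale_bytes), the 0xA5 poison byte standing in for stale stack contents, and the sample MAC address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN   6
#define REG32_SIZE 4     /* nftables data registers are 32 bits wide */
#define POISON     0xA5  /* constructed stand-in for stale stack contents */

/* 32-bit registers covered by a destination of len bytes (rounded up). */
static unsigned int regs_for_len(unsigned int len)
{
    return (len + REG32_SIZE - 1) / REG32_SIZE;
}

/* Behaviour described as vulnerable: only ETH_ALEN bytes are written. */
static void eval_before_fix(uint32_t *dest, const uint8_t *dev_addr)
{
    memcpy(dest, dev_addr, ETH_ALEN);
}

/* Behaviour described as fixed: zero the second register, then copy. */
static void eval_after_fix(uint32_t *dest, const uint8_t *dev_addr)
{
    dest[1] = 0;
    memcpy(dest, dev_addr, ETH_ALEN);
}

/* Model a downstream load of the full span; count bytes still poisoned. */
static unsigned int stale_bytes(int fixed)
{
    static const uint8_t mac[ETH_ALEN] = { 0x02, 0, 0, 0, 0, 0x01 }; /* constructed */
    uint32_t regs[2];
    const uint8_t *p = (const uint8_t *)regs;
    unsigned int span = regs_for_len(ETH_ALEN) * REG32_SIZE, i, stale = 0;

    memset(regs, POISON, sizeof(regs));   /* simulate uninitialised stack */
    if (fixed)
        eval_after_fix(regs, mac);
    else
        eval_before_fix(regs, mac);
    for (i = ETH_ALEN; i < span; i++)
        stale += (p[i] == POISON);
    return stale;
}

int main(void)
{
    printf("span=%u bytes, stale before fix=%u, after fix=%u\n",
           regs_for_len(ETH_ALEN) * REG32_SIZE, stale_bytes(0), stale_bytes(1));
    return 0;
}
```

The same check applies to any expression whose declared length is not a multiple of 4: the write must cover the rounded-up register span, not just the declared length.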
Affected Vendors & Products (1 associated CPE)

Vendor   Product        Version / Range
linux    linux_kernel   *
CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's netfilter component, specifically in the nft_meta_bridge module. The NFT_META_BRI_IIFHWADDR key declares its destination register with a length of 6 bytes (ETH_ALEN), which the register-init tracking rounds up to two 32-bit registers (8 bytes). When nft_meta_bridge_get_eval() copies the bridge device address, it writes only 6 bytes, leaving the upper 2 bytes of the second register as uninitialised nft_do_chain() stack. A downstream load of that register span can then leak those stale bytes to userspace.

Impact Analysis

The vulnerability can leak stale kernel stack data to userspace, namely the upper 2 bytes of the second register that the copy leaves unwritten. Sensitive or residual data from kernel memory could therefore be exposed unintentionally, and attackers might exploit this to gain information that should remain confidential.

Mitigation Strategies

The vulnerability has been resolved by fixing the nft_meta_bridge component in the Linux kernel to properly zero the second register before copying data, preventing stale stack leaks.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.
