CVE-2026-53288
Analyzed Analyzed - Analysis Complete

Memory Corruption in Linux Kernel Early Mapping

Vulnerability report for CVE-2026-53288, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-07-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of [data, end) segment may overflow into the next page of init_pg_end[1] which is the gap page before early_init_stack[2]: [1] crash_arm64_v9.0.1> vtop ffffffed00601000 VIRTUAL PHYSICAL ffffffed00601000 83401000 PAGE DIRECTORY: ffffffecffd62000 PGD: ffffffecffd62da0 => 10000000833fb003 PMD: ffffff80033fb018 => 10000000833fe003 PTE: ffffff80033fe008 => 68000083401f03 PAGE: 83401000 PTE PHYSICAL FLAGS 68000083401f03 83401000 (VALID|SHARED|AF|NG|PXN|UXN) PAGE PHYSICAL MAPPING INDEX CNT FLAGS fffffffec00d0040 83401000 0 0 1 4000 reserved [2] ffffffed002c8000 (r) __pi__data ffffffed0054e000 (d) __pi___bss_start ffffffed005f5000 (b) __pi_init_pg_dir ffffffed005fe000 (b) __pi_init_pg_end ffffffed005ff000 (B) early_init_stack ffffffed00608000 (b) __pi__end For 4K pages, the early kernel mapping may use 2MB block entries but the kernel segments are only 64KB aligned. Segment boundaries that fall within a 2MB block therefore require a PTE table so that different attributes can be applied on either side of the boundary. KERNEL_SEGMENT_COUNT still correctly counts the five permanent kernel VMAs registered by declare_kernel_vmas(). However, since commit 5973a62efa34 ("arm64: map [_text, _stext) virtual address range non-executable+read-only"), the early mapper also maps [_text, _stext) separately from [_stext, _etext). This adds one more early-only split and can require one more page-table page than the existing EARLY_SEGMENT_EXTRA_PAGES allowance reserves. Increase the 4K-page early mapping allowance by one page to cover that additional split. [[email protected]: rewrote part of the commit log] [[email protected]: expanded the code comment]

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-07-08
Generated
2026-07-17
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel From 6.19 (inc) to 7.0.10 (exc)
linux linux_kernel From 6.12.54 (inc) to 6.12.91 (exc)
linux linux_kernel From 6.17.4 (inc) to 6.18.33 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability relates to the Linux kernel on the arm64 architecture, specifically involving the early kernel memory mapping process.

The issue arises because the final part of a memory segment may overflow into the next page, which is reserved as a gap before the early initialization stack.

Due to how the kernel maps memory segments using 4K pages and 2MB block entries, segment boundaries that fall within a 2MB block require additional page table entries to apply different memory attributes.

A recent kernel change added an extra split in the early memory mapping, which can require one more page-table page than previously accounted for.

The vulnerability was fixed by increasing the early mapping allowance by one page to cover this additional split, preventing potential overflow or incorrect memory mapping.

Impact Analysis

If unpatched, this vulnerability could cause the early kernel memory mapping to overflow into adjacent memory pages.

Such an overflow might lead to incorrect memory attributes being applied, potentially causing instability or security issues during the kernel's early initialization phase.

This could affect system reliability or security, especially on arm64 Linux systems during boot.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53288. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart