CVE-2026-53288
Received - Intake
Memory Corruption in Linux Kernel Early Mapping

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

arm64: Reserve an extra page for early kernel mapping

The final part of [data, end) segment may overflow into the next page of init_pg_end[1] which is the gap page before early_init_stack[2]:

[1]
    crash_arm64_v9.0.1> vtop ffffffed00601000
    VIRTUAL           PHYSICAL
    ffffffed00601000  83401000

    PAGE DIRECTORY: ffffffecffd62000
       PGD: ffffffecffd62da0 => 10000000833fb003
       PMD: ffffff80033fb018 => 10000000833fe003
       PTE: ffffff80033fe008 => 68000083401f03
      PAGE: 83401000

    PTE             PHYSICAL  FLAGS
    68000083401f03  83401000  (VALID|SHARED|AF|NG|PXN|UXN)

    PAGE              PHYSICAL  MAPPING  INDEX  CNT  FLAGS
    fffffffec00d0040  83401000  0        0      1    4000 reserved

[2]
    ffffffed002c8000 (r) __pi__data
    ffffffed0054e000 (d) __pi___bss_start
    ffffffed005f5000 (b) __pi_init_pg_dir
    ffffffed005fe000 (b) __pi_init_pg_end
    ffffffed005ff000 (B) early_init_stack
    ffffffed00608000 (b) __pi__end

For 4K pages, the early kernel mapping may use 2MB block entries but the kernel segments are only 64KB aligned. Segment boundaries that fall within a 2MB block therefore require a PTE table so that different attributes can be applied on either side of the boundary.

KERNEL_SEGMENT_COUNT still correctly counts the five permanent kernel VMAs registered by declare_kernel_vmas(). However, since commit 5973a62efa34 ("arm64: map [_text, _stext) virtual address range non-executable+read-only"), the early mapper also maps [_text, _stext) separately from [_stext, _etext). This adds one more early-only split and can require one more page-table page than the existing EARLY_SEGMENT_EXTRA_PAGES allowance reserves.

Increase the 4K-page early mapping allowance by one page to cover that additional split.

[[email protected]: rewrote part of the commit log]
[[email protected]: expanded the code comment]

Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-27
AI Q&A: 2026-06-26
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 4.0
linux linux_kernel From 4.0 (inc)
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability relates to the Linux kernel on the arm64 architecture, specifically involving the early kernel memory mapping process.

The issue arises because mapping the final part of the [data, end) segment may overflow into the page after init_pg_end, which is the gap page before early_init_stack.

For 4K pages, the early kernel mapping may use 2MB block entries, but the kernel segments are only 64KB aligned. A segment boundary that falls within a 2MB block therefore requires a PTE table so that different memory attributes can be applied on either side of the boundary.

Since commit 5973a62efa34, the early mapper also maps [_text, _stext) separately from [_stext, _etext). This adds one more early-only split, which can require one more page-table page than the existing EARLY_SEGMENT_EXTRA_PAGES allowance reserves.

The vulnerability was fixed by increasing the early mapping allowance by one page to cover this additional split, preventing potential overflow or incorrect memory mapping.
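
The effect of the extra split on the page-table budget, as an added example that is not part of the CVE record or the kernel source: a simplified C model that counts one PTE table per 2MB block containing an unaligned segment boundary. The base address, the offsets, and the names pte_tables_needed, without_split and with_split are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SZ_2M 0x200000ULL
#define BASE  0xffff800080000000ULL  /* constructed, 2MB-aligned image base */

/* Simplified model: a 2MB block that contains a segment boundary which is
 * not 2MB aligned cannot be mapped as a block entry and needs one PTE
 * table (one 4K page). bounds[] must be sorted in ascending order. */
static unsigned pte_tables_needed(const uint64_t *bounds, size_t n)
{
    unsigned pages = 0;
    uint64_t last_block = UINT64_MAX;        /* no block counted yet */

    for (size_t i = 0; i < n; i++) {
        uint64_t block = bounds[i] & ~(SZ_2M - 1);

        if (bounds[i] == block)              /* aligned boundary: no table */
            continue;
        if (block != last_block) {           /* one table per distinct block */
            pages++;
            last_block = block;
        }
    }
    return pages;
}

/* Constructed, 64KB-aligned boundaries; only the symbol names are real. */
static const uint64_t without_split[] = {
    BASE + 0x0000000,  /* _text (mapped together with _stext.._etext) */
    BASE + 0x0a30000,  /* _etext */
    BASE + 0x0f50000,  /* further segment boundary */
    BASE + 0x1290000,  /* further segment boundary */
    BASE + 0x1670000,  /* _end */
};
static const uint64_t with_split[] = {
    BASE + 0x0000000,  /* _text */
    BASE + 0x0010000,  /* _stext: the extra early-only split */
    BASE + 0x0a30000, BASE + 0x0f50000, BASE + 0x1290000, BASE + 0x1670000,
};

static unsigned count_without_split(void)
{ return pte_tables_needed(without_split, sizeof(without_split) / sizeof(uint64_t)); }
static unsigned count_with_split(void)
{ return pte_tables_needed(with_split, sizeof(with_split) / sizeof(uint64_t)); }

int main(void)
{
    printf("PTE tables without [_text, _stext) split: %u\n", count_without_split());
    printf("PTE tables with the split:                %u\n", count_with_split());
    return 0;
}
```

In this constructed layout the _stext boundary lands in a 2MB block that no other boundary touches, so the count rises by exactly one page; a reservation sized for the smaller count would be exceeded by that page.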

Impact Analysis

If unpatched, this vulnerability could cause the early kernel memory mapping to overflow into adjacent memory pages.

Such an overflow might lead to incorrect memory attributes being applied, potentially causing instability or security issues during the kernel's early initialization phase.

This could affect system reliability or security, especially on arm64 Linux systems during boot.
