CVE-2026-53306
Received - Intake
Buffer Overflow in Linux Kernel HVC IUCV Driver

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

tty: hvc_iucv: fix off-by-one in number of supported devices

MAX_HVC_IUCV_LINES == HVC_ALLOC_TTY_ADAPTERS == 8.
This is the number of entries in:
static struct hvc_iucv_private *hvc_iucv_table[MAX_HVC_IUCV_LINES];

Sometimes hvc_iucv_table[] is limited by:
(a)  if (num > hvc_iucv_devices)  // for error detection
or
(b)  for (i = 0; i < hvc_iucv_devices; i++)  // in 2 places
(so these 2 don't agree; second one appears to be correct to me.)

hvc_iucv_devices can be 0..8. This is a counter.
(c)  if (hvc_iucv_devices > MAX_HVC_IUCV_LINES)

If hvc_iucv_devices == 8, (a) allows the code to access hvc_iucv_table[8].
Oops.

Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-27
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor    Product         Version / Range
linux     linux_kernel    *
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability is an off-by-one error in the Linux kernel's tty subsystem, specifically in the hvc_iucv driver. The error-detection check (a), if (num > hvc_iucv_devices), rejects only indices greater than the device count, so an index equal to the count is accepted. When the number of devices (hvc_iucv_devices) reaches its maximum value of 8, the code can therefore attempt to access hvc_iucv_table[8], which is beyond the valid range of 0 to 7, potentially leading to unexpected behavior or errors.

Impact Analysis

The off-by-one error could cause the kernel to access memory outside the intended bounds of the hvc_iucv_table array. This might lead to memory corruption, crashes, or other unpredictable behavior in the kernel. Such issues can affect system stability and security, potentially allowing attackers to exploit the kernel for privilege escalation or denial of service.
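
The mismatch between check (a) and loop (b), as an added user-space C model; it is not the kernel's code or the actual patch. MAX_HVC_IUCV_LINES, hvc_iucv_table and hvc_iucv_devices come from the description; the function names are hypothetical, and the corrected comparison is an assumption derived from loop (b).

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_HVC_IUCV_LINES 8            /* value given in the description */

struct hvc_iucv_private { int line; };  /* stand-in; real fields omitted */

static struct hvc_iucv_private *hvc_iucv_table[MAX_HVC_IUCV_LINES];
static unsigned int hvc_iucv_devices;   /* counter, 0..8 */

/* Check (a) as quoted in the description: rejects only num > counter. */
static int check_a_admits(unsigned int num)
{
	return !(num > hvc_iucv_devices);
}

/* Assumed corrected check, matching loop (b): valid indices are < counter. */
static int check_b_admits(unsigned int num)
{
	return num < hvc_iucv_devices;
}

/* Bounded lookup built on the corrected check (hypothetical helper). */
static struct hvc_iucv_private *lookup_checked(unsigned int num)
{
	return check_b_admits(num) ? hvc_iucv_table[num] : NULL;
}

/* For a device count, count the indices a check admits past the array end.
 * Only the predicate is evaluated; the table is never indexed here. */
static int admitted_past_end(int (*admits)(unsigned int), unsigned int devices)
{
	int n = 0;

	hvc_iucv_devices = devices;
	for (unsigned int num = 0; num < 2 * MAX_HVC_IUCV_LINES; num++)
		if (admits(num) && num >= MAX_HVC_IUCV_LINES)
			n++;
	return n;
}

int main(void)
{
	for (unsigned int d = 0; d <= MAX_HVC_IUCV_LINES; d++)
		printf("devices=%u  check (a): %d  corrected: %d\n", d,
		       admitted_past_end(check_a_admits, d),
		       admitted_past_end(check_b_admits, d));
	return 0;
}
```

Only the row for devices=8 reports an admitted index past the end of the table under check (a); the comparison that matches loop (b) admits none for any device count.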
