CVE-2026-53321
Received Received - Intake
Linux Kernel io_uring NAPI Busy Poll Timeout Issue

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional rescheduling done within that loop. Just cap it to 10 msec in total, that's already way above any kind of sane value that will reap any benefits, yet low enough that it's nowhere near being able to trigger preemption complaints.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-27
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-53321
EUVD
EUVD-2026-39856
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

If unmitigated, this vulnerability can cause the Linux kernel to report that a task is stuck because the polling loop does not perform conditional rescheduling.

This can lead to system instability or degraded performance as the kernel may be unable to properly manage CPU time among tasks.

Executive Summary

This vulnerability exists in the Linux kernel's io_uring/napi subsystem where there is currently no limit on the maximum amount of time that napi is allowed to poll if no events are found.

Because there is no cap, the kernel can complain that a task is stuck since there is no conditional rescheduling within the polling loop.

The fix is to cap the busy polling time to 10 milliseconds, which is a value high enough to maintain performance benefits but low enough to avoid triggering preemption complaints.

Mitigation Strategies

The vulnerability has been resolved by capping the maximum amount of time that napi is allowed to poll to 10 milliseconds. To mitigate this vulnerability, ensure your Linux kernel is updated to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53321. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart