CVE-2026-53371
Received Received - Intake

Heap Buffer Overflow in Linux Kernel RDMA/ionic Driver

Vulnerability report for CVE-2026-53371, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-19

Last updated on: 2026-07-19

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: bound node_desc sysfs read with %.64s node_desc[64] in struct ib_device is not guaranteed to be NUL- terminated. The core IB sysfs handler uses "%.64s" for exactly this reason (drivers/infiniband/core/sysfs.c:1307), since node_desc_store() performs a raw memcpy of up to IB_DEVICE_NODE_DESC_MAX bytes with no NUL termination: memcpy(desc.node_desc, buf, min_t(int, count, IB_DEVICE_NODE_DESC_MAX)); If exactly 64 bytes are written via the node_desc sysfs file, the array contains no NUL byte. The ionic hca_type_show() handler uses unbounded "%s" and will read past the end of node_desc into adjacent fields of struct ib_device until it encounters a NUL. ionic supports IB_DEVICE_MODIFY_NODE_DESC, so this is triggerable by userspace. Match the core handler and bound the format specifier.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-19
Last Modified
2026-07-19
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux_kernel linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's RDMA/ionic driver. It involves a buffer overflow risk where the node_desc field in the ib_device structure may not be properly null-terminated. When 64 bytes are written to the node_desc sysfs file, the lack of a null terminator allows the ionic hca_type_show() function to read beyond the intended buffer into adjacent memory, potentially exposing sensitive data or causing system instability.

Detection Guidance

This vulnerability is specific to the Linux kernel's RDMA/ionic driver and involves improper handling of the node_desc field in the ib_device structure. Detection requires checking if your system uses the ionic driver and inspecting sysfs entries for node_desc. No direct commands are provided in the context, but you may inspect sysfs with: ls /sys/class/infiniband/ and check for ionic devices. Review kernel logs for errors related to node_desc or ionic driver.

Impact Analysis

If exploited, this vulnerability could allow a local attacker to read sensitive kernel memory or cause a denial of service by crashing the system. Since the issue is in the RDMA subsystem and requires writing to a sysfs file, it needs local access but could be used in conjunction with other exploits for privilege escalation.

Compliance Impact

This vulnerability does not directly affect compliance with GDPR, HIPAA, or similar standards as it is a local kernel memory disclosure issue with no clear impact on data protection or privacy controls.

Mitigation Strategies

Apply the latest kernel update that includes the fix for this issue. If using a vulnerable kernel version, avoid writing exactly 64 bytes to the node_desc sysfs file for ionic devices. Monitor vendor advisories for patches and disable the ionic driver if not in use.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53371. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart