CVE Catalog

CVE-2026-53031

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

A vulnerability was found in the Linux kernel in the arena_alloc_pages() function of the BPF subsystem. The function accepts a node_id as a plain int and forwards it without any bounds checking. Lack of validation may lead to incorrect memory allocation behavior.

Risk Assessment

The risk involves using an invalid node_id to trigger unexpected memory allocator behavior, potentially causing system crashes or security breaches.

Recommendation

Apply the security patch for the Linux kernel that adds node_id validation in arena_alloc_pages() immediately. Update to the latest stable kernel version.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate node_id in arena_alloc_pages() arena_alloc_pages() accepts a plain int node_id and forwards it through the entire allocation chain without any bounds checking. Validate node_id before passing it down the allocation chain in arena_alloc_pages().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS