CVE Catalog

CVE-2026-53106

Unknown
Published: Translated: NVD NIST

Summary

A vulnerability has been identified in the Linux kernel that allows potential deadlock of local storage when deleting elements in the NMI context. This issue has been partially mitigated by returning an error when calling from bpf_xxx_storage_delete() helpers in the NMI context.

Risk Assessment

Organizations may experience performance and stability issues if local storage becomes deadlocked in the NMI context, potentially leading to application or system crashes.

Recommendation

It is recommended to monitor and update the Linux kernel to the latest version to benefit from the fixes related to this vulnerability and to consider implementing long-term solutions such as _nolock versions of the call_rcu functions.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfree_rcu(), call_rcu() or call_rcu_tasks_trace() in NMI or reentrant. Since deleting selem in NMI is an unlikely use case, partially mitigate it by returning error when calling from bpf_xxx_storage_delete() helpers in NMI. Note that, it is still possible to deadlock through reentrant. A full mitigation requires returning error when irqs_disabled() is true, which, however is too heavy-handed for bpf_xxx_storage_delete(). The long-term solution requires _nolock versions of call_rcu. Another possible solution is to defer the free through irq_work [0], but it would grow the size of selem, which is non-ideal. The check is only needed in bpf_selem_unlink(), which is used by helpers and syscalls. bpf_selem_unlink_nofail() is fine as it is called during map and owner tear down that never run in NMI or reentrant. [0] https://lore.kernel.org/bpf/[email protected]/

Vulnerability data from NVD (NIST) · CISA KEV · EPSS