CVE Catalog

CVE-2026-53243

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

A vulnerability in the Linux kernel uses an uninitialized stack variable in rseq_exit_user_update(). The compiler (Clang) may evaluate cpu_to_node(ids.cpu_id) before ids.cpu_id is assigned, causing a kernel information leak.

Risk Assessment

The vulnerability could allow a local attacker to read uninitialized kernel stack data, potentially exposing sensitive system information.

Recommendation

Immediately update the Linux kernel to a version containing the fix that moves the assignment of ids.node_id outside the structure initialization.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: rseq: Fix using an uninitialized stack variable in rseq_exit_user_update() There is an bug in which an uninitialized stack variable is used in rseq_exit_user_update() as reported by syzbot: BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline] The local variable: struct rseq_ids ids = { .cpu_id = task_cpu(t), .mm_cid = task_mm_cid(t), .node_id = cpu_to_node(ids.cpu_id), }; According to the C standard, the evaluation order of expressions in an initializer list is indeterminately sequenced. The compiler (Clang, in this KMSAN build) evaluates `cpu_to_node(ids.cpu_id)` *before* `ids.cpu_id` is initialized with `task_cpu(t)`. This is fixed by moving the assignment of ids.node_id outside the structure initialization.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS