CVE Catalog

CVE-2026-53321

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

In the Linux kernel's io_uring/napi subsystem, there was no cap on the maximum NAPI polling time, potentially causing task hangs and kernel preemption complaints. A 10 ms limit was added to prevent these issues.

Risk Assessment

The lack of a limit can cause prolonged user process blocking, system performance degradation, and kernel instability, especially in environments heavily using NAPI.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit with 10 ms busy_poll cap).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional rescheduling done within that loop. Just cap it to 10 msec in total, that's already way above any kind of sane value that will reap any benefits, yet low enough that it's nowhere near being able to trigger preemption complaints.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS