HIGH

CVE-2026-53076

Published: June 24, 2026 · Updated: Jun 28, 2026

CVSS v3.1: 7.1
EPSS: 0.16% probability of exploitation in 30 days (percentile: 5.1th)

Official Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix OOB in pcpu_init_value

An out-of-bounds read occurs when copying an element from a BPF_MAP_TYPE_CGROUP_STORAGE map to another pcpu map with the same value_size that is not rounded up to 8 bytes.

The issue happens when:

1. A CGROUP_STORAGE map is created with value_size not aligned to 8 bytes (e.g., 4 bytes)
2. A pcpu map is created with the same value_size (e.g., 4 bytes)
3. Update element in 2 with data in 1

pcpu_init_value assumes that all sources are rounded up to 8 bytes, and invokes copy_map_value_long to make a data copy. However, the assumption doesn't stand since there are some cases where the source may not be rounded up to 8 bytes, e.g., CGROUP_STORAGE, skb->data. The verifier verifies exactly the size that the source claims, not the size rounded up to 8 bytes by kernel; an OOB happens when the source has only 4 bytes while the copy size (4) is rounded up to 8.

NVD Source
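
A user-space C model of the size mismatch described above, added here as an illustration; it is not the kernel's code or the upstream fix. The names round_up8, overread_bytes and copy_value_bounded are hypothetical, and the bounded copy is one general way to avoid the over-read, assumed for this example.

```c
/* User-space model of the size mismatch; added example, not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Round a size up to the next multiple of 8, as the description states. */
static size_t round_up8(size_t n) { return (n + 7) & ~(size_t)7; }

/* Bytes read past the end of a src_size-byte source when the copy length
 * is value_size rounded up to 8 (the long-granular copy in the description). */
static size_t overread_bytes(size_t src_size, size_t value_size)
{
    size_t copy_len = round_up8(value_size);
    return copy_len > src_size ? copy_len - src_size : 0;
}

/* Hypothetical bounded copy: read exactly value_size bytes from the source,
 * then zero the padding of the 8-byte-rounded destination slot.
 * Returns 0 on success, -1 if either buffer is too small. */
static int copy_value_bounded(void *dst, size_t dst_size,
                              const void *src, size_t src_size,
                              size_t value_size)
{
    size_t slot = round_up8(value_size);

    if (value_size > src_size || slot > dst_size)
        return -1;
    memcpy(dst, src, value_size);
    memset((uint8_t *)dst + value_size, 0, slot - value_size);
    return 0;
}

int main(void)
{
    uint8_t src[4] = {0x11, 0x22, 0x33, 0x44}; /* constructed 4-byte value */
    uint8_t slot[8];

    memset(slot, 0xAA, sizeof(slot));
    printf("long copy over-reads %zu byte(s)\n", overread_bytes(sizeof(src), 4));
    if (copy_value_bounded(slot, sizeof(slot), src, sizeof(src), 4) != 0)
        return 1;
    printf("bounded copy: value byte 0x%02x, padding byte 0x%02x\n",
           slot[3], slot[4]);
    return 0;
}
```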

Technical Analysis

CVE-2026-53076 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in a complete confidentiality breach (data exposure) and availability disruption (denial of service). The CVSS base score is 7.1.

CVSS v3.1 Vector Breakdown

Exploitability
Attack Vector: Local
Attack Complexity: Low
Privileges Req.: Low
User Interaction: None
Scope: Unchanged

Impact
Confidentiality: High
Integrity: None
Availability: High

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Vendors & Products

Mentioned vendors (from description): Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.


Quick Facts

CVE ID: CVE-2026-53076
CVSS Score: 7.1 / 10
Severity: HIGH
CISA KEV: No
EPSS (30d): 0.16%
Published: Jun 24, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53076 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.