HOMEVULNERABILITIESCVE-2026-53274
NONE

CVE-2026-53274

Published: June 25, 2026· Updated: Jun 30, 2026

EPSS:0.18%probability of exploitation in 30 daysPercentile:7.8th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS

A logic flaw in __smc_setsockopt() allows a local unprivileged user to

cause a Denial of Service (DoS) by holding the socket lock indefinitely.

The function __smc_setsockopt() calls copy_from_sockptr() while holding

lock_sock(sk). By passing a userfaultfd-monitored memory page (or

FUSE-backed memory on systems where unprivileged userfaultfd is disabled)

as the optval, an attacker can halt execution during the copy operation,

keeping the lock held.

Combined with asynchronous tear-down operations like shutdown(), this

exhausts the kernel wq (kworkers) and triggers the hung task watchdog.

[ 240.123456] INFO: task kworker/u8:2 blocked for more than 120 seconds.

[ 240.123489] Call Trace:

[ 240.123501] smc_shutdown+...

[ 240.123512] lock_sock_nested+...

This patch moves the user-space copy outside the lock_sock() critical

section to prevent the issue.

NVD Source

Technical Analysis

CVE-2026-53274 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (6)

Quick Facts

CVE IDCVE-2026-53274
SeverityNONE
CISA KEVNo
EPSS (30d)0.18%
PublishedJun 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53274 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.