In the Linux kernel, the following vulnerability has been resolved:
xsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata()
The TX metadata area resides in the UMEM buffer which is memory-mapped
and concurrently writable by userspace. In xsk_skb_metadata(),
csum_start and csum_offset are read from shared memory for bounds
validation, then read again for skb assignment. A malicious userspace
application can race to overwrite these values between the two reads,
bypassing the bounds check and causing out-of-bounds memory access
during checksum computation in the transmit path.
Fix this by reading csum_start and csum_offset into local variables
once, then using the local copies for both validation and assignment.
Note that other metadata fields (flags, launch_time) and the cached
csum fields may be mutually inconsistent due to concurrent userspace
writes, but this is benign: the only security-critical invariant is
that each field's validated value is the same one used, which local
caching guarantees.
References
Configurations
Configuration 1 (hide)
|
History
08 Jul 2026, 13:04
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-367 | |
| CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:* |
|
| First Time |
Linux linux Kernel
Linux |
|
| References | () https://git.kernel.org/stable/c/0dfe05b938435892875e07771170051346412df9 - Patch | |
| References | () https://git.kernel.org/stable/c/22ba97ea9cc1f63a0d0244fae38057ed452b6ac7 - Patch | |
| References | () https://git.kernel.org/stable/c/bfdfd2706d5fb2cd496a1506e680daf979309c8b - Patch |
28 Jun 2026, 08:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
25 Jun 2026, 09:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 09:16
Updated : 2026-07-08 13:04
NVD link : CVE-2026-53250
Mitre link : CVE-2026-53250
CVE.ORG link : CVE-2026-53250
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
