{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53295", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.396Z", "datePublished": "2026-06-26T19:40:53.670Z", "dateUpdated": "2026-06-26T19:40:53.670Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-26T19:40:53.670Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: add sanity check for channel array\n\nFail gracefully if there is no channel array attached to the mailbox\ncontroller. Otherwise the later dereference will cause an OOPS which\nmight not be seen because mailbox controllers might instantiate very\nearly. Remove the comment explaining the obvious while here."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mailbox/mailbox.c"], "versions": [{"version": "2b6d83e2b8b7de82331a6a1dcd64b51020a6031c", "lessThan": "5cc3300fab262b26c28bc2fc06df693410c3840b", "status": "affected", "versionType": "git"}, {"version": "2b6d83e2b8b7de82331a6a1dcd64b51020a6031c", "lessThan": "0f11444271110d9b5bc6316a153c6431abda899c", "status": "affected", "versionType": "git"}, {"version": "2b6d83e2b8b7de82331a6a1dcd64b51020a6031c", "lessThan": "d44872a569b8fbacde457ff2587a775e5004bb79", "status": "affected", "versionType": "git"}, {"version": "2b6d83e2b8b7de82331a6a1dcd64b51020a6031c", "lessThan": "14aed0d4e58389cc6a88acf8610b12d3e476272b", "status": "affected", "versionType": "git"}, {"version": "2b6d83e2b8b7de82331a6a1dcd64b51020a6031c", "lessThan": "6362c4a7d7e21e68cd9aa04df7cde16befba3a4b", "status": "affected", "versionType": "git"}, {"version": "2b6d83e2b8b7de82331a6a1dcd64b51020a6031c", "lessThan": "9dd7489943324298bb0f385495795a82f1dd6507", "status": "affected", "versionType": "git"}, {"version": "2b6d83e2b8b7de82331a6a1dcd64b51020a6031c", "lessThan": "37792091ab28ba030fd8d61184c47d4d51294170", "status": "affected", "versionType": "git"}, {"version": "2b6d83e2b8b7de82331a6a1dcd64b51020a6031c", "lessThan": "c1aad75595fb67edc7fda8af249d3b886efa1be9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mailbox/mailbox.c"], "versions": [{"version": "3.18", "status": "affected"}, {"version": "0", "lessThan": "3.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.141", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.6.141"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5cc3300fab262b26c28bc2fc06df693410c3840b"}, {"url": "https://git.kernel.org/stable/c/0f11444271110d9b5bc6316a153c6431abda899c"}, {"url": "https://git.kernel.org/stable/c/d44872a569b8fbacde457ff2587a775e5004bb79"}, {"url": "https://git.kernel.org/stable/c/14aed0d4e58389cc6a88acf8610b12d3e476272b"}, {"url": "https://git.kernel.org/stable/c/6362c4a7d7e21e68cd9aa04df7cde16befba3a4b"}, {"url": "https://git.kernel.org/stable/c/9dd7489943324298bb0f385495795a82f1dd6507"}, {"url": "https://git.kernel.org/stable/c/37792091ab28ba030fd8d61184c47d4d51294170"}, {"url": "https://git.kernel.org/stable/c/c1aad75595fb67edc7fda8af249d3b886efa1be9"}], "title": "mailbox: add sanity check for channel array", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: mailbox: add sanity check for channel array", "id": "2493759", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493759"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-166", "details": ["A flaw was found in the Linux kernel's mailbox component. This vulnerability arises from an insufficient sanity check for the channel array. When a mailbox controller is initialized without an attached channel array, a subsequent operation can lead to a null pointer dereference, causing a kernel crash. This could result in a denial of service for the affected system."], "name": "CVE-2026-53295", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53295\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53295\nhttps://lore.kernel.org/linux-cve-announce/2026062617-CVE-2026-53295-770b@gregkh/T"], "threat_severity": "Low"}