CVE-2026-52974
In the Linux kernel, the following vulnerability has been resolved:
net: tls: fix strparser anchor skb leak on offload RX setup failure
When tls_set_device_offload_rx() fails at tls_dev_add(), the error path calls tls_sw_free_resources_rx() to clean up the SW context that was initialized by tls_set_sw_offload(). This function calls tls_sw_release_resources_rx() (which stops the strparser via tls_strp_stop()) and tls_sw_free_ctx_rx() (which kfrees the context), but never frees the anchor skb that was allocated by alloc_skb(0) in tls_strp_init().
Note that tls_sw_free_resources_rx() is exclusively used for this "failed to start offload" code path, there's no other caller.
The leak did not exist before commit 84c61fe1a75b ("tls: rx: do not use the standard strparser"), because the standard strparser doesn't try to pre-allocate an skb.
The normal close path in tls_sk_proto_close() handles cleanup by calling tls_sw_strparser_done() (which calls tls_strp_done()) after dropping the socket lock, because tls_strp_done() does cancel_work_sync() and the strparser work handler takes the socket lock.
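The error path described above, as an added user-space model in C (not kernel code and not the upstream patch): it counts the objects left allocated when the device-add step fails, once with the teardown as described and once with an assumed teardown that also releases the anchor. The pool allocator and the names `free_rx_leaky`, `free_rx_fixed` and `failed_offload_leaks` are hypothetical.

```c
#include <stdio.h>

/* User-space model (constructed): names follow the functions in the
 * description, bodies are simplified stand-ins, not kernel code. */
static long long pool[8][8];          /* fixed slots, so the demo leaks no host memory */
static int used[8];

static void *model_alloc(void) {
    for (int i = 0; i < 8; i++)
        if (!used[i]) { used[i] = 1; return pool[i]; }
    return NULL;
}
static void model_free(void *p) {
    for (int i = 0; i < 8; i++)
        if (p == (void *)pool[i]) used[i] = 0;
}
static int live(void) { int n = 0; for (int i = 0; i < 8; i++) n += used[i]; return n; }

struct strp { void *anchor; int stopped; };
struct rx_ctx { struct strp strp; };

/* tls_strp_init(): pre-allocates the anchor (alloc_skb(0) in the kernel). */
static int strp_init(struct strp *s) { s->stopped = 0; s->anchor = model_alloc(); return s->anchor ? 0 : -1; }
/* tls_strp_stop(): marks the parser stopped, releases nothing. */
static void strp_stop(struct strp *s) { s->stopped = 1; }
/* tls_strp_done(): frees the anchor (cancel_work_sync() not modelled). */
static void strp_done(struct strp *s) { model_free(s->anchor); s->anchor = NULL; }

/* Teardown as described: stop the parser, then free the context. */
static void free_rx_leaky(struct rx_ctx *c) { strp_stop(&c->strp); model_free(c); }
/* Assumed correction (not the upstream patch): release the anchor first. */
static void free_rx_fixed(struct rx_ctx *c) { strp_stop(&c->strp); strp_done(&c->strp); model_free(c); }

/* Run setup with a failing tls_dev_add(); return objects left allocated. */
static int failed_offload_leaks(void (*teardown)(struct rx_ctx *)) {
    int before = live();
    struct rx_ctx *c = model_alloc();             /* tls_set_sw_offload() context */
    if (!c) return -1;
    if (strp_init(&c->strp)) { model_free(c); return -1; }
    int dev_add_rc = -1;                          /* constructed: device refuses offload */
    if (dev_add_rc) teardown(c);
    return live() - before;
}

int main(void) {
    printf("leaky teardown leaves %d object(s)\n", failed_offload_leaks(free_rx_leaky));
    printf("fixed teardown leaves %d object(s)\n", failed_offload_leaks(free_rx_fixed));
    return 0;
}
```

Each failed setup attempt in the leaky variant strands one anchor, so repeated failures accumulate.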
Affected versions
Linux kernel versions 6.0 and later are affected. Fixed in 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.
Frequently asked questions
- What is CVE-2026-52974?
CVE-2026-52974 is an unscored-severity Linux kernel vulnerability. It affects Linux kernel versions from 6.0 onward and has been patched in 6.1.175, 6.6.141, 6.12.91 and others. CVE-2026-52974 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2026-52974?
Yes — CVE-2026-52974 has been patched. Fixed versions include 6.1.175, 6.6.141, 6.12.91 and others. If you are running Linux kernel 6.0 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2026-52974 actively exploited?
No — CVE-2026-52974 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.