What is CVE-2026-53043?

CVE-2026-53043 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.37 onward and patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-53043 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-53043?

CVE-2026-53043 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-53043?

Yes, CVE-2026-53043 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 2.6.37 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-53043 actively exploited?

CVE-2026-53043 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-53043

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qr_numregions in dlm_match_regions() Patch series "ocfs2/dlm: fix two bugs in dlm_match_regions()". In dlm_match_regions(), the qr_numregions field from a DLM_QUERY_REGION network message is used to drive loops over the qr_regions buffer without sufficient validation. This series fixes two issues: - Patch 1 adds a bounds check to reject messages where qr_numregions exceeds O2NM_MAX_REGIONS. The o2net layer only validates message byte length; it does not constrain field values, so a crafted message can set qr_numregions up to 255 and trigger out-of-bounds reads past the 1024-byte qr_regions buffer. - Patch 2 fixes an off-by-one in the local-vs-remote comparison loop, which uses '<=' instead of '<', reading one entry past the valid range even when qr_numregions is within bounds. This patch (of 2): The qr_numregions field from a DLM_QUERY_REGION network message is used directly as loop bounds in dlm_match_regions() without checking against O2NM_MAX_REGIONS. Since qr_regions is sized for at most O2NM_MAX_REGIONS (32) entries, a crafted message with qr_numregions > 32 causes out-of-bounds reads past the qr_regions buffer. Add a bounds check for qr_numregions before entering the loops.

Package Linux Kernel

Published 2026-06-24

Last modified 2026-06-24

Patch available

Yes

Affected versions

Linux kernel versions 2.6.37 and later are affected. Fixed in 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.

Affected from

≥ 2.6.37

Fixed in

✓ 5.10.258 5.10.x ✓ 5.15.209 5.15.x ✓ 6.1.175 6.1.x ✓ 6.6.141 6.6.x ✓ 6.12.91 6.12.x ✓ 6.18.33 6.18.x ✓ 7.0.10 7.0.x ✓ 7.1

References

8 total

Showing 5 of 8 references View all on NVD

Frequently asked questions

What is CVE-2026-53043?

CVE-2026-53043 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.37 onward and has been patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-53043 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-53043?

Yes — CVE-2026-53043 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 2.6.37 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-53043 actively exploited?

No — CVE-2026-53043 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.