CVE-2026-53079
In the Linux kernel, the following vulnerability has been resolved: net_sched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdisc_run_end(), it operates on the root qdisc. If the root qdisc do not implement the TCQ_F_DEQUEUE_DROPS flag the packets queue to free are never freed and gets stranded on the child's local to_free list. Fix this by making qdisc_dequeue_drop() aware of the root qdisc. It fetches the root qdisc and check for the TCQ_F_DEQUEUE_DROPS flag. If the flag is present, the packet is appended directly to the root's to_free list. Otherwise, drop it directly as it was done before the optimization was implemented.
Affected versions
Linux kernel versions
6.19
and later are affected. Fixed in
7.0.10,
7.1
and their respective stable series.
References
2 totalFrequently asked questions
-
What is CVE-2026-53079?
CVE-2026-53079 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.19 onward and has been patched in 7.0.10 and 7.1. CVE-2026-53079 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53079?
Yes — CVE-2026-53079 has been patched. Fixed versions include 7.0.10 and 7.1. If you are running Linux kernel 6.19 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53079 actively exploited?
No — CVE-2026-53079 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.