CVE-2026-53084
In the Linux kernel, the following vulnerability has been resolved:

bpf: return VMA snapshot from task_vma iterator

Holding the per-VMA lock across the BPF program body creates a lock ordering problem when helpers acquire locks that depend on mmap_lock:

  vm_lock -> i_rwsem -> mmap_lock -> vm_lock

Snapshot the VMA under the per-VMA lock in _next() via memcpy(), then drop the lock before returning. The BPF program accesses only the snapshot.

The verifier only trusts vm_mm and vm_file pointers (see BTF_TYPE_SAFE_TRUSTED_OR_NULL in verifier.c). vm_file is reference-counted with get_file() under the lock and released via fput() on the next iteration or in _destroy(). vm_mm is already correct because lock_vma_under_rcu() verifies vma->vm_mm == mm. All other pointers are left as-is by memcpy() since the verifier treats them as untrusted.
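The snapshot-then-unlock pattern described above, as an added userspace C example (not the kernel patch and not kernel code). All names here (struct slot, iter_next(), file_get(), file_put(), lock_is_free()) are hypothetical stand-ins: an atomic flag plays the per-VMA lock and a plain counter plays the file reference count.

```c
/* Added userspace illustration; every name below is hypothetical, not kernel code. */
#include <stdatomic.h>
#include <stddef.h>
#include <string.h>

struct file { atomic_int refs; };                   /* stand-in for struct file */
struct vma  { unsigned long start, end; struct file *file; void *priv; };
struct slot { atomic_flag lock; struct vma vma; };  /* lock plays the per-VMA lock */
struct iter { struct slot *slots; size_t n, pos; struct vma snap; };

/* Counter only; a real fput() would also free the object at zero. */
static void file_get(struct file *f) { if (f) atomic_fetch_add(&f->refs, 1); }
static void file_put(struct file *f) { if (f) atomic_fetch_sub(&f->refs, 1); }

static void iter_init(struct iter *it, struct slot *slots, size_t n)
{
    *it = (struct iter){ .slots = slots, .n = n };  /* snap.file starts NULL */
}

/* Returns a private copy; the per-VMA lock is never held when this returns. */
static struct vma *iter_next(struct iter *it)
{
    file_put(it->snap.file);          /* drop the pin taken by the previous call */
    it->snap.file = NULL;
    if (it->pos >= it->n)
        return NULL;

    struct slot *s = &it->slots[it->pos++];
    while (atomic_flag_test_and_set(&s->lock)) ;   /* acquire */
    memcpy(&it->snap, &s->vma, sizeof(it->snap));  /* priv is copied as-is, unpinned */
    file_get(it->snap.file);          /* pin the pointer the caller may rely on */
    atomic_flag_clear(&s->lock);      /* release before the caller's body runs */
    return &it->snap;
}

static void iter_destroy(struct iter *it)
{
    file_put(it->snap.file);          /* covers iteration that stops early */
    it->snap.file = NULL;
}

/* 1 if the lock is free right now (takes and releases it to find out). */
static int lock_is_free(struct slot *s)
{
    if (atomic_flag_test_and_set(&s->lock))
        return 0;
    atomic_flag_clear(&s->lock);
    return 1;
}
```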
Affected versions
Linux kernel versions 6.7 and later are affected. Fixed in 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.
Frequently asked questions
- What is CVE-2026-53084?
  CVE-2026-53084 is a Linux kernel vulnerability whose severity has not been scored. It affects Linux kernel versions from 6.7 onward and has been patched in 6.12.91, 6.18.33, 7.0.10 and others. CVE-2026-53084 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2026-53084?
  Yes, CVE-2026-53084 has been patched. Fixed versions include 6.12.91, 6.18.33, 7.0.10 and others. If you are running Linux kernel 6.7 or later and are below the fixed version for your branch, apply the relevant patch for your kernel branch.
- Is CVE-2026-53084 actively exploited?
  No, CVE-2026-53084 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.