What is CVE-2026-53211?

CVE-2026-53211 is a unscored severity Linux kernel vulnerability. CVE-2026-53211 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-53211?

CVE-2026-53211 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-53211?

Monitor the NIST NVD and your Linux distribution's security advisories for CVE-2026-53211 patch availability.

Is CVE-2026-53211 actively exploited?

CVE-2026-53211 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-53211

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register NFT_META_BRI_IIFHWADDR declares its destination register with len = ETH_ALEN (6 bytes), which the register-init tracking rounds up to two 32-bit registers (8 bytes). nft_meta_bridge_get_eval() then does memcpy(dest, br_dev->dev_addr, ETH_ALEN), writing only 6 bytes and leaving the upper 2 bytes of the second register as uninitialised nft_do_chain() stack. A downstream load of that register span leaks those stale bytes to userspace. Zero the second register before the memcpy so the full declared span is written.

Package Linux Kernel

Published 2026-06-25

Last modified 2026-06-25

Patch available

Awaiting data

References

3 total

Kernel Git
https://git.kernel.org/stable/c/07acb9798477535933bd658ac9fa85b6cb10d995
Kernel Git
https://git.kernel.org/stable/c/c7d573551f9286100a055ef696cde6af54549677
Kernel Git
https://git.kernel.org/stable/c/f1e81d571e375d10e50e852223593493d98c1bac