CVE-2026-53314

In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614 at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux") which tglx traced to padata_cpu_dead() given it's the only sub-CPUHP_TEARDOWN_CPU callback that returns an error. Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU so move the CPU offline callback to the ONLINE section where failure is possible.

Package Linux Kernel
Published 2026-06-26
Last modified 2026-06-26
Patch available
Yes

Affected versions

Linux kernel versions 4.19.202, 5.4.22, 5.5.6, 5.6 and later are affected. Fixed in 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.

Affected from
≥ 4.19.202 ≥ 5.4.22 ≥ 5.5.6 ≥ 5.6
Fixed in
✓ 6.1.175 6.1.x ✓ 6.6.141 6.6.x ✓ 6.12.91 6.12.x ✓ 6.18.33 6.18.x ✓ 7.0.10 7.0.x ✓ 7.1

References

6 total
Showing 5 of 6 references View all on NVD

Frequently asked questions

  • What is CVE-2026-53314?

    CVE-2026-53314 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.19.202 onward and has been patched in 6.1.175, 6.6.141, 6.12.91 and others. CVE-2026-53314 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2026-53314?

    Yes — CVE-2026-53314 has been patched. Fixed versions include 6.1.175, 6.6.141, 6.12.91 and others. If you are running Linux kernel 4.19.202 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2026-53314 actively exploited?

    No — CVE-2026-53314 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Back to
All CVEs
View on
NVD / NIST