CVE-2026-53324
In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issues: 1. pci_slot_name() dereferences pdev->slot, which can be NULL for VFs in environments like generic VFIO passthrough or nested KVM, causing a NULL pointer dereference. 2. Multiple PFs would all use "0", and VFs across different PCI domains or buses could share the same slot name, leading to -EEXIST errors from debugfs_create_dir(). pci_name(pdev) returns the unique BDF address, is always valid, and is unique across the system.
Affected versions
Linux kernel versions
6.13
and later are affected. Fixed in
6.18.33,
7.0.10,
7.1
and their respective stable series.
References
3 totalFrequently asked questions
-
What is CVE-2026-53324?
CVE-2026-53324 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.13 onward and has been patched in 6.18.33, 7.0.10 and 7.1. CVE-2026-53324 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53324?
Yes — CVE-2026-53324 has been patched. Fixed versions include 6.18.33, 7.0.10 and 7.1. If you are running Linux kernel 6.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53324 actively exploited?
No — CVE-2026-53324 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.