๐Ÿ” CVE Alert

CVE-2026-53371

UNKNOWN 0.0

RDMA/ionic: bound node_desc sysfs read with %.64s

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: bound node_desc sysfs read with %.64s node_desc[64] in struct ib_device is not guaranteed to be NUL- terminated. The core IB sysfs handler uses "%.64s" for exactly this reason (drivers/infiniband/core/sysfs.c:1307), since node_desc_store() performs a raw memcpy of up to IB_DEVICE_NODE_DESC_MAX bytes with no NUL termination: memcpy(desc.node_desc, buf, min_t(int, count, IB_DEVICE_NODE_DESC_MAX)); If exactly 64 bytes are written via the node_desc sysfs file, the array contains no NUL byte. The ionic hca_type_show() handler uses unbounded "%s" and will read past the end of node_desc into adjacent fields of struct ib_device until it encounters a NUL. ionic supports IB_DEVICE_MODIFY_NODE_DESC, so this is triggerable by userspace. Match the core handler and bound the format specifier.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jul 19, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
2075bbe8ef03914aa2211035eec45d1d3a5c4ff2 < 61df14f306f153bffa2f3c74a94ff5a85c99fa39 2075bbe8ef03914aa2211035eec45d1d3a5c4ff2 < a3e9372203afde2c62576356bb9a17890bc7fd6c 2075bbe8ef03914aa2211035eec45d1d3a5c4ff2 < 654a27f25530d052eeedf086e6c3e2d585c203bd
Linux / Linux
6.18

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/61df14f306f153bffa2f3c74a94ff5a85c99fa39 git.kernel.org: https://git.kernel.org/stable/c/a3e9372203afde2c62576356bb9a17890bc7fd6c git.kernel.org: https://git.kernel.org/stable/c/654a27f25530d052eeedf086e6c3e2d585c203bd