CVE-2026-53326
CVE-2026-53326 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (7th percentile)
- Actively exploited: Not listed in CISA KEV
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill_pool() in early boot hardirq context When booting a debug PREEMPT_RT kernel on an ARM64 system, a "inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage" lockdep warning message was reported to the console. During early boot, interrupts are enabled before the scheduler is enabled. In this window (before SYSTEM_SCHEDULING is set) interrupts can fire and in the hard interrupt context handler attempt to fill the pool This can lead to a deadlock when the interrupt occurred when the interrupt hits a region which holds a lock that is required to be taken in the allocation path. Add a new can_fill_pool() helper and reorder the exception rule and forbid this scenario by excluding allocations from hard interrupt context.
Frequently asked questions
- What is CVE-2026-53326?
- In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill_pool() in early boot hardirq context When booting a debug PREEMPT_RT kernel on an ARM64 system, a "inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage" lockdep warning message was reported to the console. During early boot, interrupts are enabled before the scheduler is enabled. In this window (before SYSTEM_SCHEDULING is set) interrupts can fire and in the hard interrupt context handler attempt to fill the pool This can lead to a deadlock when the interrupt occurred when the interrupt hits a region which holds a lock that is required to be taken in the allocation path. Add a new can_fill_pool() helper and reorder the exception rule and forbid this scenario by excluding allocations from hard interrupt context.
- Is CVE-2026-53326 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (7th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-53326?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2026-53326 published?
- CVE-2026-53326 was published on 2026-07-01 and last updated on 2026-07-04.
References
- https://git.kernel.org/stable/c/0d046ae106255cba5eb83b23f78ee93f3620247d
- https://git.kernel.org/stable/c/27335c50014102e9077b784ebd314954286afcab
- https://git.kernel.org/stable/c/3cc90ea0dd0fb1f8db577dcdc027fc46c06049f6
- https://git.kernel.org/stable/c/44b8b03a9fb5c575548fc72c674653d6baba142a
- https://git.kernel.org/stable/c/5d95f6b267f3d7fe54f42a3b224bb4a3d3990b41
- https://git.kernel.org/stable/c/7bc71bdb1c1526c7f02a6adab324394ff1327b0a