CVE-2026-53043 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/1f8b91275912cd428289c1fb424bebd7ff5302bd
https://git.kernel.org/stable/c/3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21
https://git.kernel.org/stable/c/3f474c33ebc2e2ca3fcb587d7de4375348f13373
https://git.kernel.org/stable/c/6c6e8fc3c007319981647b410c29bb5775048551
https://git.kernel.org/stable/c/7ab3fbb01bc6d79091bc375e5235d360cd9b78be
https://git.kernel.org/stable/c/d3d5efade0c79dac1cac98c0cb1115432f804439
https://git.kernel.org/stable/c/f37de46149db49abd2b24f4f0c5a88cf4dfb5f47
https://git.kernel.org/stable/c/f69551139caf6d24242a0ad049ee46b264e3aee0

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qr_numregions in dlm_match_regions() Patch series "ocfs2/dlm: fix two bugs in dlm_match_regions()". In dlm_match_regions(), the qr_numregions field from a DLM_QUERY_REGION network message is used to drive loops over the qr_regions buffer without sufficient validation. This series fixes two issues: - Patch 1 adds a bounds check to reject messages where qr_numregions exceeds O2NM_MAX_REGIONS. The o2net layer only validates message byte length; it does not constrain field values, so a crafted message can set qr_numregions up to 255 and trigger out-of-bounds reads past the 1024-byte qr_regions buffer. - Patch 2 fixes an off-by-one in the local-vs-remote comparison loop, which uses '<=' instead of '<', reading one entry past the valid range even when qr_numregions is within bounds. This patch (of 2): The qr_numregions field from a DLM_QUERY_REGION network message is used directly as loop bounds in dlm_match_regions() without checking against O2NM_MAX_REGIONS. Since qr_regions is sized for at most O2NM_MAX_REGIONS (32) entries, a crafted message with qr_numregions > 32 causes out-of-bounds reads past the qr_regions buffer. Add a bounds check for qr_numregions before entering the loops.
Title		ocfs2/dlm: validate qr_numregions in dlm_match_regions()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1f8b91275912cd428289c1fb424bebd7ff5302bd https://git.kernel.org/stable/c/3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21 https://git.kernel.org/stable/c/3f474c33ebc2e2ca3fcb587d7de4375348f13373 https://git.kernel.org/stable/c/6c6e8fc3c007319981647b410c29bb5775048551 https://git.kernel.org/stable/c/7ab3fbb01bc6d79091bc375e5235d360cd9b78be https://git.kernel.org/stable/c/d3d5efade0c79dac1cac98c0cb1115432f804439 https://git.kernel.org/stable/c/f37de46149db49abd2b24f4f0c5a88cf4dfb5f47 https://git.kernel.org/stable/c/f69551139caf6d24242a0ad049ee46b264e3aee0

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53043", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.380Z", "datePublished": "2026-06-24T16:29:49.480Z", "dateUpdated": "2026-06-24T16:29:49.480Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:29:49.480Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2/dlm: validate qr_numregions in dlm_match_regions()\n\nPatch series \"ocfs2/dlm: fix two bugs in dlm_match_regions()\".\n\nIn dlm_match_regions(), the qr_numregions field from a DLM_QUERY_REGION\nnetwork message is used to drive loops over the qr_regions buffer without\nsufficient validation. This series fixes two issues:\n\n- Patch 1 adds a bounds check to reject messages where qr_numregions\n exceeds O2NM_MAX_REGIONS. The o2net layer only validates message\n byte length; it does not constrain field values, so a crafted message\n can set qr_numregions up to 255 and trigger out-of-bounds reads past\n the 1024-byte qr_regions buffer.\n\n- Patch 2 fixes an off-by-one in the local-vs-remote comparison loop,\n which uses '<=' instead of '<', reading one entry past the valid range\n even when qr_numregions is within bounds.\n\n\nThis patch (of 2):\n\nThe qr_numregions field from a DLM_QUERY_REGION network message is used\ndirectly as loop bounds in dlm_match_regions() without checking against\nO2NM_MAX_REGIONS. Since qr_regions is sized for at most O2NM_MAX_REGIONS\n(32) entries, a crafted message with qr_numregions > 32 causes\nout-of-bounds reads past the qr_regions buffer.\n\nAdd a bounds check for qr_numregions before entering the loops."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ocfs2/dlm/dlmdomain.c"], "versions": [{"version": "ea2034416b54700e30371f2ad6517cbb94674083", "lessThan": "d3d5efade0c79dac1cac98c0cb1115432f804439", "status": "affected", "versionType": "git"}, {"version": "ea2034416b54700e30371f2ad6517cbb94674083", "lessThan": "f69551139caf6d24242a0ad049ee46b264e3aee0", "status": "affected", "versionType": "git"}, {"version": "ea2034416b54700e30371f2ad6517cbb94674083", "lessThan": "1f8b91275912cd428289c1fb424bebd7ff5302bd", "status": "affected", "versionType": "git"}, {"version": "ea2034416b54700e30371f2ad6517cbb94674083", "lessThan": "f37de46149db49abd2b24f4f0c5a88cf4dfb5f47", "status": "affected", "versionType": "git"}, {"version": "ea2034416b54700e30371f2ad6517cbb94674083", "lessThan": "6c6e8fc3c007319981647b410c29bb5775048551", "status": "affected", "versionType": "git"}, {"version": "ea2034416b54700e30371f2ad6517cbb94674083", "lessThan": "3f474c33ebc2e2ca3fcb587d7de4375348f13373", "status": "affected", "versionType": "git"}, {"version": "ea2034416b54700e30371f2ad6517cbb94674083", "lessThan": "3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21", "status": "affected", "versionType": "git"}, {"version": "ea2034416b54700e30371f2ad6517cbb94674083", "lessThan": "7ab3fbb01bc6d79091bc375e5235d360cd9b78be", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ocfs2/dlm/dlmdomain.c"], "versions": [{"version": "2.6.37", "status": "affected"}, {"version": "0", "lessThan": "2.6.37", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.141", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "6.6.141"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.37", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d3d5efade0c79dac1cac98c0cb1115432f804439"}, {"url": "https://git.kernel.org/stable/c/f69551139caf6d24242a0ad049ee46b264e3aee0"}, {"url": "https://git.kernel.org/stable/c/1f8b91275912cd428289c1fb424bebd7ff5302bd"}, {"url": "https://git.kernel.org/stable/c/f37de46149db49abd2b24f4f0c5a88cf4dfb5f47"}, {"url": "https://git.kernel.org/stable/c/6c6e8fc3c007319981647b410c29bb5775048551"}, {"url": "https://git.kernel.org/stable/c/3f474c33ebc2e2ca3fcb587d7de4375348f13373"}, {"url": "https://git.kernel.org/stable/c/3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21"}, {"url": "https://git.kernel.org/stable/c/7ab3fbb01bc6d79091bc375e5235d360cd9b78be"}], "title": "ocfs2/dlm: validate qr_numregions in dlm_match_regions()", "x_generator": {"engine": "bippy-1.2.0"}}}}

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object