Linux Kernel: Batch of 11 Vulnerabilities Affecting Networking, Graphics, and Crypto Resolved
Key findings • Eleven Linux kernel vulnerabilities disclosed on June 27, 2026, affecting multiple subsystems. • Vulnerabilities include null pointer dereferences, hangs, and incorrect memory …
Key findings
- Eleven Linux kernel vulnerabilities disclosed on June 27, 2026, affecting multiple subsystems.
- Vulnerabilities include null pointer dereferences, hangs, and incorrect memory handling.
- Key affected areas include networking, DRM/AMD graphics drivers, and crypto.
- All reported vulnerabilities have been resolved in the Linux kernel.
On June 27, 2026, a batch of eleven vulnerabilities was disclosed in the Linux kernel, affecting various subsystems including networking, graphics, power management, and crypto. These vulnerabilities, all resolved on the same day, range in severity and could lead to issues such as null pointer dereferences, hangs, and incorrect memory handling.
Several vulnerabilities were found within the Direct Rendering Manager (DRM) subsystem, specifically impacting AMD graphics drivers. CVE-2026-53293 addresses issues in the drm/amdgpu component related to MMR register reads, while CVE-2026-53285 wraps phantom-plane allocations in DCN32 display controllers to prevent potential hangs in non-real-time environments. Additionally, CVE-2026-53313 aims to avoid NULL dereferences in error paths within the DMUB (Display Microcontroller Unit) server for display drivers. Another graphics-related vulnerability, CVE-2026-53279, fixes a hang on initialization failure in the drm/gma500/oaktrail_lvds driver.
Networking components were also affected. CVE-2026-53297 addresses a double invocation guard in the net: mana driver to prevent issues during device removal when PM resume fails. CVE-2026-53298 moves initialization to the end of a receive queue setup routine in the net: airoha driver to prevent NULL pointer dereferences on allocation failures. Lastly, CVE-2026-53318 prevents a NULL pointer dereference in the wifi: mt76: mt7925 driver by reordering a check.
Other affected areas include the IOMMU (Input-Output Memory Management Unit) with CVE-2026-53283, which adds bounds-checking to device IDs in the iommu/amd driver. The power supply subsystem is touched by CVE-2026-53308, which fixes memory leaks and removal order issues in the power: supply: max77705 driver by using the devm interface. The reset: amlogic driver has a fix for missing reset operations in CVE-2026-53301, preventing a null reset operation. Finally, CVE-2026-53302 corrects algorithm selection for HMAC key setting in the crypto: eip93 driver.
These vulnerabilities were patched in the Linux kernel on June 27, 2026. Users are advised to update to a patched version of the kernel to mitigate potential risks associated with these issues. The wide range of affected subsystems highlights the importance of keeping the kernel updated to ensure system stability and security.
The timely disclosure and resolution of these eleven CVEs demonstrate the ongoing efforts to maintain the security and robustness of the Linux kernel. While no specific exploitation in the wild was mentioned for this batch, the nature of these vulnerabilities, particularly those leading to null pointer dereferences and hangs, could be leveraged by attackers to disrupt system operations or potentially gain further access depending on the context of their deployment.
The fixes address a variety of low-level issues, from incorrect error handling and resource management to improper checks that could lead to system instability. For users of systems that rely on these specific kernel components, applying the relevant kernel updates is crucial. The Linux kernel community's proactive approach to identifying and resolving these bugs is essential for the security of countless devices and services.