VYPR
researchPublished Jul 5, 2026· Updated Jul 6, 2026· 1 source

Linux Kernel: Three Vulnerabilities in af_unix, ipv6, and KVM Disclosed Together

Key findings • Three Linux Kernel vulnerabilities disclosed on July 5, 2026, affecting af_unix, ipv6, and KVM subsystems. • CVE-2026-53361 involves a race condition in af_unix garbage collect…

Key findings

  • Three Linux Kernel vulnerabilities disclosed on July 5, 2026, affecting af_unix, ipv6, and KVM subsystems.
  • CVE-2026-53361 involves a race condition in af_unix garbage collection.
  • CVE-2026-53362 addresses fragment gap accounting in the ipv6 subsystem.
  • CVE-2026-53359 is a KVM shadow paging use-after-free vulnerability.
  • All disclosed vulnerabilities have been resolved in updated kernel versions.

On July 5, 2026, a batch of three vulnerabilities affecting the Linux Kernel was disclosed. These vulnerabilities, all resolved on the same day, touch upon different components of the kernel, including the af_unix, ipv6, and KVM subsystems. The disclosures highlight ongoing security efforts within the Linux kernel development community to address potential weaknesses.

The first vulnerability, CVE-2026-53361, impacts the af_unix subsystem. It was reported that the unix_gc() function could execute with gc_in_progress set to false under specific race conditions, potentially leading to issues when work is scheduled while the garbage collection process is running. This race condition could be triggered by concurrent threads.

CVE-2026-53362 addresses a flaw in the ipv6 subsystem, specifically concerning the accounting for fragment gaps on the paged allocation path. The vulnerability lies within the __ip6_append_data() function, where incorrect calculations of alloclen and pagedlen could occur when the paged-allocation branch is taken, particularly with MSG_MORE, NETIF_F_SG, and large fragment lengths.

The third vulnerability, CVE-2026-53359, relates to KVM (Kernel-based Virtual Machine) on x86 architecture. This issue is a use-after-free vulnerability in shadow paging, stemming from an unexpected role. A previous commit aimed to fix a shadow paging mismatch, but this CVE points to a scenario where the bug could still be triggered due to an unexpected Guest Physical Address (GFN) value.

These vulnerabilities were patched and resolved within the Linux kernel. Users are advised to ensure their systems are running updated kernel versions that incorporate these fixes to mitigate any potential security risks associated with these flaws. The coordinated disclosure of these distinct issues underscores the continuous security maintenance required for complex systems like the Linux kernel.

The timely resolution and disclosure of these CVEs demonstrate the proactive approach taken by the Linux kernel security teams to identify and fix potential vulnerabilities, ensuring the stability and security of the operating system. Maintaining an up-to-date kernel is crucial for users to benefit from these security enhancements.

Synthesized by Vypr AI