CVE-2026-53031
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
A vulnerability was found in the Linux kernel in the arena_alloc_pages() function of the BPF subsystem. The function accepts a node_id as a plain int and forwards it without any bounds checking. Lack of validation may lead to incorrect memory allocation behavior.
Risk Assessment
The risk involves using an invalid node_id to trigger unexpected memory allocator behavior, potentially causing system crashes or security breaches.
Recommendation
Apply the security patch for the Linux kernel that adds node_id validation in arena_alloc_pages() immediately. Update to the latest stable kernel version.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bpf: Validate node_id in arena_alloc_pages() arena_alloc_pages() accepts a plain int node_id and forwards it through the entire allocation chain without any bounds checking. Validate node_id before passing it down the allocation chain in arena_alloc_pages().

