CVE Catalog

CVE-2026-53128

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

In the Linux kernel, the DRBD driver has an RCU call imbalance in drbd_adm_dump_devices(). The function calls rcu_read_unlock() without a preceding rcu_read_lock(), which can lead to incorrect RCU behavior.

Risk Assessment

The RCU call imbalance may cause system instability, potential memory leaks, or crashes in environments using DRBD, especially during administrative operations.

Recommendation

Immediately update the Linux kernel to a version containing the fix for CVE-2026-53128, which restores the proper rcu_read_lock() call before rcu_read_unlock().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbd_adm_dump_devices() Make drbd_adm_dump_devices() call rcu_read_lock() before rcu_read_unlock() is called. This has been detected by the Clang thread-safety analyzer.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS