CVE-2026-53128
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
In the Linux kernel, the DRBD driver has an RCU call imbalance in drbd_adm_dump_devices(). The function calls rcu_read_unlock() without a preceding rcu_read_lock(), which can lead to incorrect RCU behavior.
Risk Assessment
The RCU call imbalance may cause system instability, potential memory leaks, or crashes in environments using DRBD, especially during administrative operations.
Recommendation
Immediately update the Linux kernel to a version containing the fix for CVE-2026-53128, which restores the proper rcu_read_lock() call before rcu_read_unlock().
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbd_adm_dump_devices() Make drbd_adm_dump_devices() call rcu_read_lock() before rcu_read_unlock() is called. This has been detected by the Clang thread-safety analyzer.

