CVE Catalog

CVE-2026-53282

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A vulnerability was found in the Linux kernel's kexec mechanism. After recent changes, in a non-kjump kexec path the return address is no longer pushed onto the stack, causing purgatory code to attempt reading a non-existent address, leading to a fault and potential system hang.

Risk Assessment

The risk involves possible system hangs during kexec operations, which can disrupt services and cause availability loss, especially in server and virtualization environments.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit that restores pushing the return address onto the stack in the non-kjump path).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to look above the top of its stack to find a return address for a kjump, even in a non-kjump kexec. After the commit in Fixes: the word above the stack might not be there, leading to a fault (which is at least now caught by my exception-handling code in kexec). That commit fixed things for the actual kjump path, but no longer "gratuitously" pushes the unused return address to the stack in the non-kjump path. Put that *back* in the non-kjump path, to prevent purgatory from crashing when trying to access it.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS