CVE Catalog

CVE-2026-53295

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A sanity check for the channel array was added in the Linux kernel mailbox driver. Without it, a missing channel array could cause a NULL pointer dereference and kernel OOPS, especially during early initialization.

Risk Assessment

The organization risks system crashes (kernel panic) during mailbox driver initialization, potentially disrupting critical services or causing data loss.

Recommendation

Immediately update the Linux kernel to a version containing this fix (commit adding the sanity check). Monitor official security advisories from your Linux distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for channel array Fail gracefully if there is no channel array attached to the mailbox controller. Otherwise the later dereference will cause an OOPS which might not be seen because mailbox controllers might instantiate very early. Remove the comment explaining the obvious while here.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS