{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53047", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.381Z", "datePublished": "2026-06-24T16:29:53.491Z", "dateUpdated": "2026-06-24T16:29:53.491Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:29:53.491Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect sizeof in phys array reallocation\n\nThe krealloc() call for cap_info->phys in __efi_capsule_setup_info() uses\nsizeof(phys_addr_t *) instead of sizeof(phys_addr_t), which might be\ncausing an undersized allocation.\n\nThe allocation is also inconsistent with the initial array allocation in\nefi_capsule_open() that allocates one entry with sizeof(phys_addr_t),\nand the efi_capsule_write() function that stores phys_addr_t values (not\npointers) via page_to_phys().\n\nOn 64-bit systems where sizeof(phys_addr_t) == sizeof(phys_addr_t *), this\ngoes unnoticed. On 32-bit systems with PAE where phys_addr_t is 64-bit but\npointers are 32-bit, this allocates half the required space, which might\nlead to a heap buffer overflow when storing physical addresses.\n\nThis is similar to the bug fixed in commit fccfa646ef36 (\"efi/capsule-loader:\nfix incorrect allocation size\") which fixed the same issue at the initial\nallocation site."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/capsule-loader.c"], "versions": [{"version": "f24c4d478013d82bd1b943df566fff3561d52864", "lessThan": "22022cd8851703a58f67615a17bc7e9e8682785b", "status": "affected", "versionType": "git"}, {"version": "f24c4d478013d82bd1b943df566fff3561d52864", "lessThan": "67adde6bfdfd563a54b045d59aeb9a2d90c80697", "status": "affected", "versionType": "git"}, {"version": "f24c4d478013d82bd1b943df566fff3561d52864", "lessThan": "608e1f7bc9d171ab26c1fba288c97fc76363c27d", "status": "affected", "versionType": "git"}, {"version": "f24c4d478013d82bd1b943df566fff3561d52864", "lessThan": "8be69e9245f805566bac68ffc8574b64735fd996", "status": "affected", "versionType": "git"}, {"version": "f24c4d478013d82bd1b943df566fff3561d52864", "lessThan": "5e185330d902b12fe8e6eb4b8514b5d736d8d66d", "status": "affected", "versionType": "git"}, {"version": "f24c4d478013d82bd1b943df566fff3561d52864", "lessThan": "e0e6b14995fd6fa2c0df8c712d76ab32f0694c31", "status": "affected", "versionType": "git"}, {"version": "f24c4d478013d82bd1b943df566fff3561d52864", "lessThan": "ab3f7098a3a27175b91cfc947950f5c26855801b", "status": "affected", "versionType": "git"}, {"version": "f24c4d478013d82bd1b943df566fff3561d52864", "lessThan": "48a428215782321b56956974f23593e40ce84b7a", "status": "affected", "versionType": "git"}, {"version": "95a362c9a6892085f714eb6e31eea6a0e3aa93bf", "status": "affected", "versionType": "git"}, {"version": "4.14.13", "lessThan": "4.15", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/capsule-loader.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.141", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.6.141"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/22022cd8851703a58f67615a17bc7e9e8682785b"}, {"url": "https://git.kernel.org/stable/c/67adde6bfdfd563a54b045d59aeb9a2d90c80697"}, {"url": "https://git.kernel.org/stable/c/608e1f7bc9d171ab26c1fba288c97fc76363c27d"}, {"url": "https://git.kernel.org/stable/c/8be69e9245f805566bac68ffc8574b64735fd996"}, {"url": "https://git.kernel.org/stable/c/5e185330d902b12fe8e6eb4b8514b5d736d8d66d"}, {"url": "https://git.kernel.org/stable/c/e0e6b14995fd6fa2c0df8c712d76ab32f0694c31"}, {"url": "https://git.kernel.org/stable/c/ab3f7098a3a27175b91cfc947950f5c26855801b"}, {"url": "https://git.kernel.org/stable/c/48a428215782321b56956974f23593e40ce84b7a"}], "title": "efi/capsule-loader: fix incorrect sizeof in phys array reallocation", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: efi/capsule-loader: fix incorrect sizeof in phys array reallocation", "id": "2492279", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492279"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-131", "details": ["A flaw was found in the Linux kernel's EFI (Extensible Firmware Interface) capsule loader. An incorrect size calculation during memory reallocation for physical addresses can lead to an undersized buffer. This issue, specifically on 32-bit systems with Physical Address Extension (PAE), may result in a heap buffer overflow when storing physical addresses. This could potentially allow a local attacker to cause a denial of service or achieve arbitrary code execution."], "name": "CVE-2026-53047", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53047\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53047\nhttps://lore.kernel.org/linux-cve-announce/2026062458-CVE-2026-53047-7dc7@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f24c4d478013d82bd1b943df566fff3561d52864,22022cd8851703a58f67615a17bc7e9e8682785b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f24c4d478013d82bd1b943df566fff3561d52864,67adde6bfdfd563a54b045d59aeb9a2d90c80697)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f24c4d478013d82bd1b943df566fff3561d52864,608e1f7bc9d171ab26c1fba288c97fc76363c27d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f24c4d478013d82bd1b943df566fff3561d52864,8be69e9245f805566bac68ffc8574b64735fd996)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f24c4d478013d82bd1b943df566fff3561d52864,5e185330d902b12fe8e6eb4b8514b5d736d8d66d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f24c4d478013d82bd1b943df566fff3561d52864,e0e6b14995fd6fa2c0df8c712d76ab32f0694c31)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f24c4d478013d82bd1b943df566fff3561d52864,ab3f7098a3a27175b91cfc947950f5c26855801b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[f24c4d478013d82bd1b943df566fff3561d52864,48a428215782321b56956974f23593e40ce84b7a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "95a362c9a6892085f714eb6e31eea6a0e3aa93bf"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.14.13,4.15)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.15"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[5.10.258,5.10.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[5.15.209,5.15.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.1.175,6.1.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.141,6.6.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.91,6.12.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.33,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0.10,7.0.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-24T21:00:11.771964+00:00", "updated": "2026-06-26T04:30:17.627801+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}