CVE-2026-53309 - Vulnerability Details

- ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

The local-vs-remote region comparison loop uses '<=' instead of '<',
causing it to read one entry past the valid range of qr_regions. The
other loops in the same function correctly use '<'.

Fix the loop condition to use '<' for consistency and correctness.

Published: 2026-06-26

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ea2034416b54700e30371f2ad6517cbb94674083`	affected	< 760ab35040aca8399021fdb9ff1db1089feb7194
`ea2034416b54700e30371f2ad6517cbb94674083`	affected	< c60a2710b73838d250cda57344c049b89abc5d52
`ea2034416b54700e30371f2ad6517cbb94674083`	affected	< 2a0673836f019e7c032acbf48d022d5ccf02a845
`ea2034416b54700e30371f2ad6517cbb94674083`	affected	< 819d8ebad3200a53de99bd7e297bc428e41ced54
`ea2034416b54700e30371f2ad6517cbb94674083`	affected	< d5403ae28085761d58b555645bc7d5feadb10073
`ea2034416b54700e30371f2ad6517cbb94674083`	affected	< 1fb7f356547d9688822315cd2b205ff0bd5429b4
`ea2034416b54700e30371f2ad6517cbb94674083`	affected	< 426cd8eedac89b86148d4478990eeef16e8a2520
`ea2034416b54700e30371f2ad6517cbb94674083`	affected	< 01b61e8dda9b0fdb0d4cda43de25f4e390554d7b

Linux

affected

Version	Status	Constraints
`2.6.37`	affected	—
`0`	unaffected	< 2.6.37
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.141`	unaffected	≤ 6.6.*
`6.12.91`	unaffected	≤ 6.12.*
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[ea2034416b54700e30371f2ad6517cbb94674083,760ab35040aca8399021fdb9ff1db1089feb7194)`	affected	code_commit	—
`[ea2034416b54700e30371f2ad6517cbb94674083,c60a2710b73838d250cda57344c049b89abc5d52)`	affected	code_commit	—
`[ea2034416b54700e30371f2ad6517cbb94674083,2a0673836f019e7c032acbf48d022d5ccf02a845)`	affected	code_commit	—
`[ea2034416b54700e30371f2ad6517cbb94674083,819d8ebad3200a53de99bd7e297bc428e41ced54)`	affected	code_commit	—
`[ea2034416b54700e30371f2ad6517cbb94674083,d5403ae28085761d58b555645bc7d5feadb10073)`	affected	code_commit	—
`[ea2034416b54700e30371f2ad6517cbb94674083,1fb7f356547d9688822315cd2b205ff0bd5429b4)`	affected	code_commit	—
`[ea2034416b54700e30371f2ad6517cbb94674083,426cd8eedac89b86148d4478990eeef16e8a2520)`	affected	code_commit	—
`[ea2034416b54700e30371f2ad6517cbb94674083,01b61e8dda9b0fdb0d4cda43de25f4e390554d7b)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`2.6.37`	affected	semver	—
`[0,2.6.37)`	unaffected	generic	—
`[5.10.258,5.11.0)`	unaffected	semver	—
`[5.15.209,5.16.0)`	unaffected	semver	—
`[6.1.175,6.2.0)`	unaffected	semver	—
`[6.6.141,6.7.0)`	unaffected	semver	—
`[7.0.10,7.1.0)`	unaffected	semver	—
`[6.12.91,6.13.0)`	unaffected	semver	—
`[6.18.33,6.19.0)`	unaffected	semver	—
`[7.0.10,7.1.0)`	unaffected	semver	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00404.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/01b61e8dda9b0fdb0d4cda43de25f4e390554d7b
https://git.kernel.org/stable/c/1fb7f356547d9688822315cd2b205ff0bd5429b4
https://git.kernel.org/stable/c/2a0673836f019e7c032acbf48d022d5ccf02a845
https://git.kernel.org/stable/c/426cd8eedac89b86148d4478990eeef16e8a2520
https://git.kernel.org/stable/c/760ab35040aca8399021fdb9ff1db1089feb7194
https://git.kernel.org/stable/c/819d8ebad3200a53de99bd7e297bc428e41ced54
https://git.kernel.org/stable/c/c60a2710b73838d250cda57344c049b89abc5d52
https://git.kernel.org/stable/c/d5403ae28085761d58b555645bc7d5feadb10073
https://lore.kernel.org/linux-cve-announce/2026062620-CVE-2026-53309-794d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53309
https://www.cve.org/CVERecord?id=CVE-2026-53309

History

Mon, 29 Jun 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026062620-CVE-2026-53309-794d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53309 https://www.cve.org/CVERecord?id=CVE-2026-53309

Sun, 28 Jun 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119 CWE-125 CWE-20

Sun, 28 Jun 2026 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-119 CWE-193

Sun, 28 Jun 2026 10:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119 CWE-193

Sun, 28 Jun 2026 08:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Fri, 26 Jun 2026 20:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead of '<', causing it to read one entry past the valid range of qr_regions. The other loops in the same function correctly use '<'. Fix the loop condition to use '<' for consistency and correctness.
Title		ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/01b61e8dda9b0fdb0d4cda43de25f4e390554d7b https://git.kernel.org/stable/c/1fb7f356547d9688822315cd2b205ff0bd5429b4 https://git.kernel.org/stable/c/2a0673836f019e7c032acbf48d022d5ccf02a845 https://git.kernel.org/stable/c/426cd8eedac89b86148d4478990eeef16e8a2520 https://git.kernel.org/stable/c/760ab35040aca8399021fdb9ff1db1089feb7194 https://git.kernel.org/stable/c/819d8ebad3200a53de99bd7e297bc428e41ced54 https://git.kernel.org/stable/c/c60a2710b73838d250cda57344c049b89abc5d52 https://git.kernel.org/stable/c/d5403ae28085761d58b555645bc7d5feadb10073

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-26T19:41:03.505Z

Updated: 2026-06-28T06:41:30.026Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53309

Vulnrichment

No data.

NVD

No data.

Redhat

Severity :

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53309 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-28T15:15:05Z

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object