{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53321", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.398Z", "datePublished": "2026-06-26T19:41:12.589Z", "dateUpdated": "2026-06-26T19:41:12.589Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-26T19:41:12.589Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/napi: cap busy_poll_to 10 msec\n\nCurrently there's no cap on the maximum amount of time that napi is\nallowed to poll if no events are found, which can lead to kernel\ncomplaints on a task being stuck as there's no conditional rescheduling\ndone within that loop.\n\nJust cap it to 10 msec in total, that's already way above any kind of\nsane value that will reap any benefits, yet low enough that it's\nnowhere near being able to trigger preemption complaints."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/napi.c"], "versions": [{"version": "8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5", "lessThan": "39767f944a8c9e696566c37ad5b20131406c4b8d", "status": "affected", "versionType": "git"}, {"version": "8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5", "lessThan": "cb3af525f8dfb8930f0c123e5755fa967a12d5c1", "status": "affected", "versionType": "git"}, {"version": "8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5", "lessThan": "df8599ee18c0e5fe343ffe0b4c379636b8bb839a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["io_uring/napi.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/39767f944a8c9e696566c37ad5b20131406c4b8d"}, {"url": "https://git.kernel.org/stable/c/cb3af525f8dfb8930f0c123e5755fa967a12d5c1"}, {"url": "https://git.kernel.org/stable/c/df8599ee18c0e5fe343ffe0b4c379636b8bb839a"}], "title": "io_uring/napi: cap busy_poll_to 10 msec", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: io_uring/napi: cap busy_poll_to 10 msec", "id": "2493708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493708"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["A flaw was found in the Linux kernel's io_uring subsystem, specifically in the Networked Asynchronous Packet Interface (NAPI) busy polling. This vulnerability allows NAPI to poll indefinitely for events when none are present, which can cause a task to become stuck. This can lead to a Denial of Service (DoS) condition, making the system unresponsive. The issue is addressed by implementing a 10-millisecond cap on the busy polling duration."], "name": "CVE-2026-53321", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53321\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53321\nhttps://lore.kernel.org/linux-cve-announce/2026062622-CVE-2026-53321-d475@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5,39767f944a8c9e696566c37ad5b20131406c4b8d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5,cb3af525f8dfb8930f0c123e5755fa967a12d5c1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[8d0c12a80cdeb80d5e0510e96d38fe551ed8e9b5,df8599ee18c0e5fe343ffe0b4c379636b8bb839a)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.9"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.9)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.33,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.10,8.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-26T22:00:07.661206+00:00", "updated": "2026-06-29T13:45:07.355387+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-400", "CWE-835"]}