CVE-2026-53031 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate node_id in arena_alloc_pages() arena_alloc_pages() accepts a plain int node_id and forwards it through the entire allocation chain without any bounds checking. Validate node_id before passing it down the allocation chain in arena_alloc_pages().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://git.kernel.org/stable/c/2845989f2ebaf7848e4eccf9a779daf3156ea0a5
https://git.kernel.org/stable/c/31d3b4b28e55835646d6829d60023f730dd34e85
https://git.kernel.org/stable/c/e15900888c09480a4c632bc598f1c5bd39bed6d6
https://git.kernel.org/stable/c/fb66e20130f95a93ffea1677252526a9e39170b2

History

Wed, 24 Jun 2026 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bpf: Validate node_id in arena_alloc_pages() arena_alloc_pages() accepts a plain int node_id and forwards it through the entire allocation chain without any bounds checking. Validate node_id before passing it down the allocation chain in arena_alloc_pages().
Title		bpf: Validate node_id in arena_alloc_pages()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2845989f2ebaf7848e4eccf9a779daf3156ea0a5 https://git.kernel.org/stable/c/31d3b4b28e55835646d6829d60023f730dd34e85 https://git.kernel.org/stable/c/e15900888c09480a4c632bc598f1c5bd39bed6d6 https://git.kernel.org/stable/c/fb66e20130f95a93ffea1677252526a9e39170b2

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:29:39.043Z

Updated: 2026-06-24T16:29:39.043Z

Reserved: 2026-06-09T07:44:35.380Z

Link: CVE-2026-53031

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T19:00:06Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53031", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.380Z", "datePublished": "2026-06-24T16:29:39.043Z", "dateUpdated": "2026-06-24T16:29:39.043Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:29:39.043Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Validate node_id in arena_alloc_pages()\n\narena_alloc_pages() accepts a plain int node_id and forwards it through\nthe entire allocation chain without any bounds checking.\n\nValidate node_id before passing it down the allocation chain in\narena_alloc_pages()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/arena.c"], "versions": [{"version": "317460317a02a1af512697e6e964298dedd8a163", "lessThan": "31d3b4b28e55835646d6829d60023f730dd34e85", "status": "affected", "versionType": "git"}, {"version": "317460317a02a1af512697e6e964298dedd8a163", "lessThan": "e15900888c09480a4c632bc598f1c5bd39bed6d6", "status": "affected", "versionType": "git"}, {"version": "317460317a02a1af512697e6e964298dedd8a163", "lessThan": "fb66e20130f95a93ffea1677252526a9e39170b2", "status": "affected", "versionType": "git"}, {"version": "317460317a02a1af512697e6e964298dedd8a163", "lessThan": "2845989f2ebaf7848e4eccf9a779daf3156ea0a5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/arena.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/31d3b4b28e55835646d6829d60023f730dd34e85"}, {"url": "https://git.kernel.org/stable/c/e15900888c09480a4c632bc598f1c5bd39bed6d6"}, {"url": "https://git.kernel.org/stable/c/fb66e20130f95a93ffea1677252526a9e39170b2"}, {"url": "https://git.kernel.org/stable/c/2845989f2ebaf7848e4eccf9a779daf3156ea0a5"}], "title": "bpf: Validate node_id in arena_alloc_pages()", "x_generator": {"engine": "bippy-1.2.0"}}}}