NVD

CVE-2026-53043 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qr_numregions in dlm_match_regions() Patch series "ocfs2/dlm: fix two bugs in dlm_match_regions()". In dlm_match_regions(), the qr_numregions field from a DLM_QUERY_REGION network message is used to drive loops over the qr_regions buffer without sufficient validation. This series fixes two issues: - Patch 1 adds a bounds check to reject messages where qr_numregions exceeds O2NM_MAX_REGIONS. The o2net layer only validates message byte length; it does not constrain field values, so a crafted message can set qr_numregions up to 255 and trigger out-of-bounds reads past the 1024-byte qr_regions buffer. - Patch 2 fixes an off-by-one in the local-vs-remote comparison loop, which uses '<=' instead of '<', reading one entry past the valid range even when qr_numregions is within bounds. This patch (of 2): The qr_numregions field from a DLM_QUERY_REGION network message is used directly as loop bounds in dlm_match_regions() without checking against O2NM_MAX_REGIONS. Since qr_regions is sized for at most O2NM_MAX_REGIONS (32) entries, a crafted message with qr_numregions > 32 causes out-of-bounds reads past the qr_regions buffer. Add a bounds check for qr_numregions before entering the loops.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/1f8b91275912cd428289c1fb424bebd7ff5302bd	kernel.org
https://git.kernel.org/stable/c/3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21	kernel.org
https://git.kernel.org/stable/c/3f474c33ebc2e2ca3fcb587d7de4375348f13373	kernel.org
https://git.kernel.org/stable/c/6c6e8fc3c007319981647b410c29bb5775048551	kernel.org
https://git.kernel.org/stable/c/7ab3fbb01bc6d79091bc375e5235d360cd9b78be	kernel.org
https://git.kernel.org/stable/c/d3d5efade0c79dac1cac98c0cb1115432f804439	kernel.org
https://git.kernel.org/stable/c/f37de46149db49abd2b24f4f0c5a88cf4dfb5f47	kernel.org
https://git.kernel.org/stable/c/f69551139caf6d24242a0ad049ee46b264e3aee0	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

1 change records found show changes

New CVE Received from kernel.org 6/24/2026 1:17:16 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qr_numregions in dlm_match_regions() Patch series "ocfs2/dlm: fix two bugs in dlm_match_regions()". In dlm_match_regions(), the qr_numregions field from a DLM_QUERY_REGION network message is used to drive loops over the qr_regions buffer without sufficient validation. This series fixes two issues: - Patch 1 adds a bounds check to reject messages where qr_numregions exceeds O2NM_MAX_REGIONS. The o2net layer only validates message byte length; it does not constrain field values, so a crafted message can set qr_numregions up to 255 and trigger out-of-bounds reads past the 1024-byte qr_regions buffer. - Patch 2 fixes an off-by-one in the local-vs-remote comparison loop, which uses '<=' instead of '<', reading one entry past the valid range even when qr_numregions is within bounds. This patch (of 2): The qr_numregions field from a DLM_QUERY_REGION network message is used directly as loop bounds in dlm_match_regions() without checking against O2NM_MAX_REGIONS. Since qr_regions is sized for at most O2NM_MAX_REGIONS (32) entries, a crafted message with qr_numregions > 32 causes out-of-bounds reads past the qr_regions buffer. Add a bounds check for qr_numregions before entering the loops.
Added	Reference	https://git.kernel.org/stable/c/1f8b91275912cd428289c1fb424bebd7ff5302bd
Added	Reference	https://git.kernel.org/stable/c/3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21
Added	Reference	https://git.kernel.org/stable/c/3f474c33ebc2e2ca3fcb587d7de4375348f13373
Added	Reference	https://git.kernel.org/stable/c/6c6e8fc3c007319981647b410c29bb5775048551
Added	Reference	https://git.kernel.org/stable/c/7ab3fbb01bc6d79091bc375e5235d360cd9b78be
Added	Reference	https://git.kernel.org/stable/c/d3d5efade0c79dac1cac98c0cb1115432f804439
Added	Reference	https://git.kernel.org/stable/c/f37de46149db49abd2b24f4f0c5a88cf4dfb5f47
Added	Reference	https://git.kernel.org/stable/c/f69551139caf6d24242a0ad049ee46b264e3aee0
Added	Affected	Record truncated, showing 2048 of 2465 characters. View Entire Change Record [{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ocfs2/dlm/dlmdomain.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ea2034416b54700e30371f2ad6517cbb94674083","lessThan":"d3d5efade0c79dac1cac98c0cb1115432f804439","versionType":"git","status":"affected"},{"version":"ea2034416b54700e30371f2ad6517cbb94674083","lessThan":"f69551139caf6d24242a0ad049ee46b264e3aee0","versionType":"git","status":"affected"},{"version":"ea2034416b54700e30371f2ad6517cbb94674083","lessThan":"1f8b91275912cd428289c1fb424bebd7ff5302bd","versionType":"git","status":"affected"},{"version":"ea2034416b54700e30371f2ad6517cbb94674083","lessThan":"f37de46149db49abd2b24f4f0c5a88cf4dfb5f47","versionType":"git","status":"affected"},{"version":"ea2034416b54700e30371f2ad6517cbb94674083","lessThan":"6c6e8fc3c007319981647b410c29bb5775048551","versionType":"git","status":"affected"},{"version":"ea2034416b54700e30371f2ad6517cbb94674083","lessThan":"3f474c33ebc2e2ca3fcb587d7de4375348f13373","versionType":"git","status":"affected"},{"version":"ea2034416b54700e30371f2ad6517cbb94674083","lessThan":"3c2d0de23ae4be22b6c18e8f0915be74d3b5fb21","versionType":"git","status":"affected"},{"version":"ea2034416b54700e30371f2ad6517cbb94674083","lessThan":"7ab3fbb01bc6d79091bc375e5235d360cd9b78be","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ocfs2/dlm/dlmdomain.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.37","status":"affected"},{"version":"0","lessThan":"2.6.37","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.","versionType"

Quick Info

CVE Dictionary Entry:
CVE-2026-53043
NVD Published Date:
06/24/2026
NVD Last Modified:
06/24/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-53043 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

New CVE Received from kernel.org 6/24/2026 1:17:16 PM

Quick Info