NVD

CVE-2026-53215 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2_rx_refill() can fail after the current buffer has been handed to XDP or attached to an skb. In those cases mvpp2_run_xdp() may have recycled, redirected, or queued the page for XDP_TX, and an skb free also retires the data buffer. Returning such a buffer to BM lets hardware DMA into memory that is no longer owned by the RX ring. Refill the BM pool before handing the current buffer to XDP or to the skb. If the allocation fails there, drop the packet and return the still-owned current buffer to BM, preserving the pool depth. Once the refill succeeds, later local drops retire/free the current buffer instead of returning it to BM.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/02e1b5c4d3b4c658b72c145427cded1bba613fc1	kernel.org
https://git.kernel.org/stable/c/580f92f27cb8724bcc4be98ee89890eab524a2ae	kernel.org
https://git.kernel.org/stable/c/5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6	kernel.org
https://git.kernel.org/stable/c/8a2126c5afe89f8ceeb60a3afb9f075b736194cd	kernel.org
https://git.kernel.org/stable/c/a03cdcedb2cbcc42551dc3e4746929e93c5352d5	kernel.org
https://git.kernel.org/stable/c/a88b3293b556f4d8fba11db9a8061a6b0d3b69e6	kernel.org
https://git.kernel.org/stable/c/d0c8c4fbd22d260fe28530260656c5fb3c20ce84	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

1 change records found show changes

New CVE Received from kernel.org 6/25/2026 5:16:39 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2_rx_refill() can fail after the current buffer has been handed to XDP or attached to an skb. In those cases mvpp2_run_xdp() may have recycled, redirected, or queued the page for XDP_TX, and an skb free also retires the data buffer. Returning such a buffer to BM lets hardware DMA into memory that is no longer owned by the RX ring. Refill the BM pool before handing the current buffer to XDP or to the skb. If the allocation fails there, drop the packet and return the still-owned current buffer to BM, preserving the pool depth. Once the refill succeeds, later local drops retire/free the current buffer instead of returning it to BM.
Added	Reference	https://git.kernel.org/stable/c/02e1b5c4d3b4c658b72c145427cded1bba613fc1
Added	Reference	https://git.kernel.org/stable/c/580f92f27cb8724bcc4be98ee89890eab524a2ae
Added	Reference	https://git.kernel.org/stable/c/5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6
Added	Reference	https://git.kernel.org/stable/c/8a2126c5afe89f8ceeb60a3afb9f075b736194cd
Added	Reference	https://git.kernel.org/stable/c/a03cdcedb2cbcc42551dc3e4746929e93c5352d5
Added	Reference	https://git.kernel.org/stable/c/a88b3293b556f4d8fba11db9a8061a6b0d3b69e6
Added	Reference	https://git.kernel.org/stable/c/d0c8c4fbd22d260fe28530260656c5fb3c20ce84
Added	Affected	Record truncated, showing 2048 of 2612 characters. View Entire Change Record [{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"a88b3293b556f4d8fba11db9a8061a6b0d3b69e6","versionType":"git","status":"affected"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"a03cdcedb2cbcc42551dc3e4746929e93c5352d5","versionType":"git","status":"affected"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"580f92f27cb8724bcc4be98ee89890eab524a2ae","versionType":"git","status":"affected"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"d0c8c4fbd22d260fe28530260656c5fb3c20ce84","versionType":"git","status":"affected"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"8a2126c5afe89f8ceeb60a3afb9f075b736194cd","versionType":"git","status":"affected"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"02e1b5c4d3b4c658b72c145427cded1bba613fc1","versionType":"git","status":"affected"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6","versionType":"git","status":"affected"},{"version":"95a936364f2685e9e040c6b179b553604d96de22","versionType":"git","status":"affected"},{"version":"fba2cf348d9eb50b2049a73cc09313dab6d293f1","versionType":"git","status":"affected"},{"version":"5.7.15","lessThan":"5.8","versionType":"semver","status":"affected"},{"version":"5.8.2","lessThan":"5.9","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.9","status":"affected"},{"version":"0","lessThan":"5.9","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"vers

Quick Info

CVE Dictionary Entry:
CVE-2026-53215
NVD Published Date:
06/25/2026
NVD Last Modified:
06/25/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-53215 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

New CVE Received from kernel.org 6/25/2026 5:16:39 AM

Quick Info