NVD

CVE-2026-53265 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de ("dm cache policy smq: fix missing locks in invalidating cache blocks") added mq->lock around the destructive part of smq_invalidate_mapping(), but left the e->allocated check outside the critical section. That leaves a check-then-act race. Two concurrent invalidators can both observe e->allocated as true before either of them takes mq->lock. The first invalidator that acquires the lock removes the entry from the queues and hash table and then calls free_entry(), which clears e->allocated and puts the entry back on the free list. The second invalidator can then acquire mq->lock and continue with the stale result of the unlocked check. This can corrupt the SMQ queues or hash table by deleting an entry that is no longer on those structures. It can also hit the allocation check in free_entry() when the same entry is freed again. Move the allocation check under mq->lock so the predicate and the destructive operations are serialized by the same lock.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

Nist CVSS score does not match with CNA score

CNA: kernel.org

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/03ffe1112ed88bb3a9bd0b971549bf4d64bfc59a	kernel.org
https://git.kernel.org/stable/c/13da856c86fb8c2ccab95034fd77da1bb2c2a17c	kernel.org
https://git.kernel.org/stable/c/42ff6774ecd9d7f70d599cb71ff64373a1da4948	kernel.org
https://git.kernel.org/stable/c/b4892561552d671bd8c4da5ebb70e9fbb1ec446e	kernel.org
https://git.kernel.org/stable/c/c242c7af2aecf0b538b8623bdb86b8b441da38d9	kernel.org
https://git.kernel.org/stable/c/c57570fba24016ec25ec046ab44db39143fb7a64	kernel.org
https://git.kernel.org/stable/c/d3f0a606b9f278ece8a0df626ded9c4044071235	kernel.org
https://git.kernel.org/stable/c/d886945fcb0f8c9dc6b39928d7a96c95c587346c	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

2 change records found show changes

New CVE Received from kernel.org 6/25/2026 5:16:44 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de ("dm cache policy smq: fix missing locks in invalidating cache blocks") added mq->lock around the destructive part of smq_invalidate_mapping(), but left the e->allocated check outside the critical section. That leaves a check-then-act race. Two concurrent invalidators can both observe e->allocated as true before either of them takes mq->lock. The first invalidator that acquires the lock removes the entry from the queues and hash table and then calls free_entry(), which clears e->allocated and puts the entry back on the free list. The second invalidator can then acquire mq->lock and continue with the stale result of the unlocked check. This can corrupt the SMQ queues or hash table by deleting an entry that is no longer on those structures. It can also hit the allocation check in free_entry() when the same entry is freed again. Move the allocation check under mq->lock so the predicate and the destructive operations are serialized by the same lock.
Added	Reference	https://git.kernel.org/stable/c/03ffe1112ed88bb3a9bd0b971549bf4d64bfc59a
Added	Reference	https://git.kernel.org/stable/c/13da856c86fb8c2ccab95034fd77da1bb2c2a17c
Added	Reference	https://git.kernel.org/stable/c/42ff6774ecd9d7f70d599cb71ff64373a1da4948
Added	Reference	https://git.kernel.org/stable/c/b4892561552d671bd8c4da5ebb70e9fbb1ec446e
Added	Reference	https://git.kernel.org/stable/c/c242c7af2aecf0b538b8623bdb86b8b441da38d9
Added	Reference	https://git.kernel.org/stable/c/c57570fba24016ec25ec046ab44db39143fb7a64
Added	Reference	https://git.kernel.org/stable/c/d3f0a606b9f278ece8a0df626ded9c4044071235
Added	Reference	https://git.kernel.org/stable/c/d886945fcb0f8c9dc6b39928d7a96c95c587346c
Added	Affected	Record truncated, showing 2048 of 2207 characters. View Entire Change Record [{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-cache-policy-smq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4991b5a08751e2e82488fb93ae08849b6aea10d9","lessThan":"c242c7af2aecf0b538b8623bdb86b8b441da38d9","versionType":"git","status":"affected"},{"version":"1b2bec4a7dcf5f00b7a1cbeeec8997841d783513","lessThan":"13da856c86fb8c2ccab95034fd77da1bb2c2a17c","versionType":"git","status":"affected"},{"version":"9a5fdfb9e57ec3a8ad2b8fce5e5ffa42d53b130e","lessThan":"d886945fcb0f8c9dc6b39928d7a96c95c587346c","versionType":"git","status":"affected"},{"version":"ac5ee99443891bdb161f5539606a66a1b5e72542","lessThan":"b4892561552d671bd8c4da5ebb70e9fbb1ec446e","versionType":"git","status":"affected"},{"version":"93627a29d4b66d4a2def938dfb8610cc80ae454b","lessThan":"03ffe1112ed88bb3a9bd0b971549bf4d64bfc59a","versionType":"git","status":"affected"},{"version":"c348ae47d8e65f06429fa41adce9ad986b696766","lessThan":"42ff6774ecd9d7f70d599cb71ff64373a1da4948","versionType":"git","status":"affected"},{"version":"2b62d0611c9af14a16bddf22df2612b4f40eb5a1","lessThan":"c57570fba24016ec25ec046ab44db39143fb7a64","versionType":"git","status":"affected"},{"version":"2d1f7b65f5deedd2e6b09fdc6ea27f8375f24b45","lessThan":"d3f0a606b9f278ece8a0df626ded9c4044071235","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-cache-policy-smq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10.258","lessThan":"5.10.259","versionType":"semver","status":"affected"},{"version":"5.15.209","lessThan":"5.15.210","versionType":"semver","status":"affected"},{"version":"6.1.175","lessThan":"6.1.176","versionType":"semver","status":"affected"},{"version":"6.6.141","lessThan":"6.6.143","versionType":"semver","status":"affected"},{"version":"6.12.91","lessThan":"6.12.94","versionType":"semver","status":"affected"},{"version":"6

Quick Info

CVE Dictionary Entry:
CVE-2026-53265
NVD Published Date:
06/25/2026
NVD Last Modified:
06/28/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-53265 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

CVE Modified by kernel.org 6/28/2026 4:16:41 AM

New CVE Received from kernel.org 6/25/2026 5:16:44 AM

Quick Info