NVD

CVE-2026-53288 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of [data, end) segment may overflow into the next page of init_pg_end[1] which is the gap page before early_init_stack[2]: [1] crash_arm64_v9.0.1> vtop ffffffed00601000 VIRTUAL PHYSICAL ffffffed00601000 83401000 PAGE DIRECTORY: ffffffecffd62000 PGD: ffffffecffd62da0 => 10000000833fb003 PMD: ffffff80033fb018 => 10000000833fe003 PTE: ffffff80033fe008 => 68000083401f03 PAGE: 83401000 PTE PHYSICAL FLAGS 68000083401f03 83401000 (VALID|SHARED|AF|NG|PXN|UXN) PAGE PHYSICAL MAPPING INDEX CNT FLAGS fffffffec00d0040 83401000 0 0 1 4000 reserved [2] ffffffed002c8000 (r) __pi__data ffffffed0054e000 (d) __pi___bss_start ffffffed005f5000 (b) __pi_init_pg_dir ffffffed005fe000 (b) __pi_init_pg_end ffffffed005ff000 (B) early_init_stack ffffffed00608000 (b) __pi__end For 4K pages, the early kernel mapping may use 2MB block entries but the kernel segments are only 64KB aligned. Segment boundaries that fall within a 2MB block therefore require a PTE table so that different attributes can be applied on either side of the boundary. KERNEL_SEGMENT_COUNT still correctly counts the five permanent kernel VMAs registered by declare_kernel_vmas(). However, since commit 5973a62efa34 ("arm64: map [_text, _stext) virtual address range non-executable+read-only"), the early mapper also maps [_text, _stext) separately from [_stext, _etext). This adds one more early-only split and can require one more page-table page than the existing EARLY_SEGMENT_EXTRA_PAGES allowance reserves. Increase the 4K-page early mapping allowance by one page to cover that additional split. [[email protected]: rewrote part of the commit log] [[email protected]: expanded the code comment]

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/4d8e74ad4585672489da6145b3328d415f50db82	kernel.org
https://git.kernel.org/stable/c/9fe9e3acaa14921b0cf0d6cc2de5b562499bf721	kernel.org
https://git.kernel.org/stable/c/a4ff33053da0a34b14abb5c96dc5a48379e26fce	kernel.org
https://git.kernel.org/stable/c/dcb89deed40ba55ff7020061712fdabf098cc2cc	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

1 change records found show changes

New CVE Received from kernel.org 6/26/2026 4:17:21 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of [data, end) segment may overflow into the next page of init_pg_end[1] which is the gap page before early_init_stack[2]: [1] crash_arm64_v9.0.1> vtop ffffffed00601000 VIRTUAL PHYSICAL ffffffed00601000 83401000 PAGE DIRECTORY: ffffffecffd62000 PGD: ffffffecffd62da0 => 10000000833fb003 PMD: ffffff80033fb018 => 10000000833fe003 PTE: ffffff80033fe008 => 68000083401f03 PAGE: 83401000 PTE PHYSICAL FLAGS 68000083401f03 83401000 (VALID\|SHARED\|AF\|NG\|PXN\|UXN) PAGE PHYSICAL MAPPING INDEX CNT FLAGS fffffffec00d0040 83401000 0 0 1 4000 reserved [2] ffffffed002c8000 (r) __pi__data ffffffed0054e000 (d) __pi___bss_start ffffffed005f5000 (b) __pi_init_pg_dir ffffffed005fe000 (b) __pi_init_pg_end ffffffed005ff000 (B) early_init_stack ffffffed00608000 (b) __pi__end For 4K pages, the early kernel mapping may use 2MB block entries but the kernel segments are only 64KB aligned. Segment boundaries that fall within a 2MB block therefore require a PTE table so that different attributes can be applied on either side of the boundary. KERNEL_SEGMENT_COUNT still correctly counts the five permanent kernel VMAs registered by declare_kernel_vmas(). However, since commit 5973a62efa34 ("arm64: map [_text, _stext) virtual address range non-executable+read-only"), the early mapper also maps [_text, _stext) separately from [_stext, _etext). This adds one more early-only split and can require one more page-table page than the existing EARLY_SEGMENT_EXTRA_PAGES allowance reserves. Increase the 4K-page early mapping allowance by one page to cover that additional split. [[email protected]: rewrote part of the commit log] [[email protected]: expanded the code comment]
Added	Reference	https://git.kernel.org/stable/c/4d8e74ad4585672489da6145b3328d415f50db82
Added	Reference	https://git.kernel.org/stable/c/9fe9e3acaa14921b0cf0d6cc2de5b562499bf721
Added	Reference	https://git.kernel.org/stable/c/a4ff33053da0a34b14abb5c96dc5a48379e26fce
Added	Reference	https://git.kernel.org/stable/c/dcb89deed40ba55ff7020061712fdabf098cc2cc
Added	Affected	[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/arm64/include/asm/kernel-pgtable.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fdd380a5950503a07aaaf74536a0c2f223475eb0","lessThan":"a4ff33053da0a34b14abb5c96dc5a48379e26fce","versionType":"git","status":"affected"},{"version":"5973a62efa34c80c9a4e5eac1fca6f6209b902af","lessThan":"dcb89deed40ba55ff7020061712fdabf098cc2cc","versionType":"git","status":"affected"},{"version":"5973a62efa34c80c9a4e5eac1fca6f6209b902af","lessThan":"9fe9e3acaa14921b0cf0d6cc2de5b562499bf721","versionType":"git","status":"affected"},{"version":"5973a62efa34c80c9a4e5eac1fca6f6209b902af","lessThan":"4d8e74ad4585672489da6145b3328d415f50db82","versionType":"git","status":"affected"},{"version":"88025faf2aa08c7468d68d8cb31a53b55aae6ee0","versionType":"git","status":"affected"},{"version":"6.12.54","lessThan":"6.12.91","versionType":"semver","status":"affected"},{"version":"6.17.4","lessThan":"6.18","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/arm64/include/asm/kernel-pgtable.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"","versionType":"original_commit_for_fix","status":"unaffected"}]}]

Quick Info

CVE Dictionary Entry:
CVE-2026-53288
NVD Published Date:
06/26/2026
NVD Last Modified:
06/26/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-53288 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

New CVE Received from kernel.org 6/26/2026 4:17:21 PM

Quick Info