NVD

CVE-2026-53304 Detail

Received

This CVE record has recently been published to the CVE List and has been included within the NVD dataset.

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter def_reserved_size defines the default buffer size reserved for each Sg_fd and should be restricted to a range between 0 and 1,048,576 (see https://tldp.org/HOWTO/SCSI-Generic-HOWTO/proc.html). Although the function sg_proc_write_dressz enforces this limit, it is possible to bypass it by directly modifying the module parameter as shown below, which then causes a soft lockup: echo -1 > /sys/module/sg/parameters/def_reserved_size exec 4<> /dev/sg0 watchdog: BUG: soft lockup - CPU#5 stuck for 26 seconds! [bash:537] Modules loaded: CPU: 5 UID: 0 PID: 537 Command: bash, kernel version 6.19.0-rc3+ #134, PREEMPT disabled Hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS version 1.16.1-2.fc37 dated 04/01/2014 ... Call Trace: sg_build_reserve+0x5c/0xa0 sg_add_sfp+0x168/0x270 sg_open+0x16e/0x340 chrdev_open+0xbe/0x230 do_dentry_open+0x175/0x480 vfs_open+0x34/0xf0 do_open+0x265/0x3d0 path_openat+0x110/0x290 do_filp_open+0xc3/0x170 do_sys_openat2+0x71/0xe0 __x64_sys_openat+0x6d/0xa0 do_syscall_64+0x62/0x310 entry_SYSCALL_64_after_hwframe+0x76/0x7e The fix is to use module_param_cb to validate and reject invalid values assigned to def_reserved_size.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/1afd963fcd963db0dc5d47df6dfcf010c9c4647e	kernel.org
https://git.kernel.org/stable/c/3d74e0654ac908c65a8f20373091826fe43b1363	kernel.org
https://git.kernel.org/stable/c/9676ca7b1ef31a3a65b3e61e7ce3b54ce7364202	kernel.org
https://git.kernel.org/stable/c/c47ccfb3d80dfed522ca06a5954ac97488d78c5a	kernel.org
https://git.kernel.org/stable/c/c5f4a211e82d04ccc1809311322c47023bbe66e2	kernel.org
https://git.kernel.org/stable/c/d06a310b45e153872033dd0cf19d5a2279121099	kernel.org
https://git.kernel.org/stable/c/fe671d3c84ffb1b763d590c25195755adeaadaba	kernel.org
https://git.kernel.org/stable/c/feade299e932967de27519338d41de348fb5b061	kernel.org

Weakness Enumeration

CWE-ID	CWE Name	Source

Change History

1 change records found show changes

New CVE Received from kernel.org 6/26/2026 4:17:23 PM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter def_reserved_size defines the default buffer size reserved for each Sg_fd and should be restricted to a range between 0 and 1,048,576 (see https://tldp.org/HOWTO/SCSI-Generic-HOWTO/proc.html). Although the function sg_proc_write_dressz enforces this limit, it is possible to bypass it by directly modifying the module parameter as shown below, which then causes a soft lockup: echo -1 > /sys/module/sg/parameters/def_reserved_size exec 4<> /dev/sg0 watchdog: BUG: soft lockup - CPU#5 stuck for 26 seconds! [bash:537] Modules loaded: CPU: 5 UID: 0 PID: 537 Command: bash, kernel version 6.19.0-rc3+ #134, PREEMPT disabled Hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS version 1.16.1-2.fc37 dated 04/01/2014 ... Call Trace: sg_build_reserve+0x5c/0xa0 sg_add_sfp+0x168/0x270 sg_open+0x16e/0x340 chrdev_open+0xbe/0x230 do_dentry_open+0x175/0x480 vfs_open+0x34/0xf0 do_open+0x265/0x3d0 path_openat+0x110/0x290 do_filp_open+0xc3/0x170 do_sys_openat2+0x71/0xe0 __x64_sys_openat+0x6d/0xa0 do_syscall_64+0x62/0x310 entry_SYSCALL_64_after_hwframe+0x76/0x7e The fix is to use module_param_cb to validate and reject invalid values assigned to def_reserved_size.
Added	Reference	https://git.kernel.org/stable/c/1afd963fcd963db0dc5d47df6dfcf010c9c4647e
Added	Reference	https://git.kernel.org/stable/c/3d74e0654ac908c65a8f20373091826fe43b1363
Added	Reference	https://git.kernel.org/stable/c/9676ca7b1ef31a3a65b3e61e7ce3b54ce7364202
Added	Reference	https://git.kernel.org/stable/c/c47ccfb3d80dfed522ca06a5954ac97488d78c5a
Added	Reference	https://git.kernel.org/stable/c/c5f4a211e82d04ccc1809311322c47023bbe66e2
Added	Reference	https://git.kernel.org/stable/c/d06a310b45e153872033dd0cf19d5a2279121099
Added	Reference	https://git.kernel.org/stable/c/fe671d3c84ffb1b763d590c25195755adeaadaba
Added	Reference	https://git.kernel.org/stable/c/feade299e932967de27519338d41de348fb5b061
Added	Affected	Record truncated, showing 2048 of 2451 characters. View Entire Change Record [{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/scsi/sg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6460e75a104d10458817d2f5b2fbff775bf0b43a","lessThan":"3d74e0654ac908c65a8f20373091826fe43b1363","versionType":"git","status":"affected"},{"version":"6460e75a104d10458817d2f5b2fbff775bf0b43a","lessThan":"c47ccfb3d80dfed522ca06a5954ac97488d78c5a","versionType":"git","status":"affected"},{"version":"6460e75a104d10458817d2f5b2fbff775bf0b43a","lessThan":"fe671d3c84ffb1b763d590c25195755adeaadaba","versionType":"git","status":"affected"},{"version":"6460e75a104d10458817d2f5b2fbff775bf0b43a","lessThan":"c5f4a211e82d04ccc1809311322c47023bbe66e2","versionType":"git","status":"affected"},{"version":"6460e75a104d10458817d2f5b2fbff775bf0b43a","lessThan":"9676ca7b1ef31a3a65b3e61e7ce3b54ce7364202","versionType":"git","status":"affected"},{"version":"6460e75a104d10458817d2f5b2fbff775bf0b43a","lessThan":"1afd963fcd963db0dc5d47df6dfcf010c9c4647e","versionType":"git","status":"affected"},{"version":"6460e75a104d10458817d2f5b2fbff775bf0b43a","lessThan":"feade299e932967de27519338d41de348fb5b061","versionType":"git","status":"affected"},{"version":"6460e75a104d10458817d2f5b2fbff775bf0b43a","lessThan":"d06a310b45e153872033dd0cf19d5a2279121099","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/scsi/sg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.19","status":"affected"},{"version":"0","lessThan":"2.6.19","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.","versionType":"semver","sta

Quick Info

CVE Dictionary Entry:
CVE-2026-53304
NVD Published Date:
06/26/2026
NVD Last Modified:
06/26/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2026-53304 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

New CVE Received from kernel.org 6/26/2026 4:17:23 PM

Quick Info