{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53215","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.392Z","datePublished":"2026-06-25T08:39:18.875Z","dateUpdated":"2026-06-28T06:40:28.295Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-28T06:40:28.295Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: refill RX buffers before XDP or skb use\n\nThe RX error path returns the current descriptor buffer to the hardware\nBM pool. That is only valid while the driver still owns the buffer.\n\nmvpp2_rx_refill() can fail after the current buffer has been handed to\nXDP or attached to an skb. In those cases mvpp2_run_xdp() may have\nrecycled, redirected, or queued the page for XDP_TX, and an skb free also\nretires the data buffer. Returning such a buffer to BM lets hardware DMA\ninto memory that is no longer owned by the RX ring.\n\nRefill the BM pool before handing the current buffer to XDP or to the\nskb. If the allocation fails there, drop the packet and return the\nstill-owned current buffer to BM, preserving the pool depth. Once the\nrefill succeeds, later local drops retire/free the current buffer instead\nof returning it to BM."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"],"versions":[{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"a88b3293b556f4d8fba11db9a8061a6b0d3b69e6","status":"affected","versionType":"git"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"a03cdcedb2cbcc42551dc3e4746929e93c5352d5","status":"affected","versionType":"git"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"580f92f27cb8724bcc4be98ee89890eab524a2ae","status":"affected","versionType":"git"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"d0c8c4fbd22d260fe28530260656c5fb3c20ce84","status":"affected","versionType":"git"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"8a2126c5afe89f8ceeb60a3afb9f075b736194cd","status":"affected","versionType":"git"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"02e1b5c4d3b4c658b72c145427cded1bba613fc1","status":"affected","versionType":"git"},{"version":"07dd0a7aae7f72af7cec18909581c2bb570edddc","lessThan":"5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6","status":"affected","versionType":"git"},{"version":"95a936364f2685e9e040c6b179b553604d96de22","status":"affected","versionType":"git"},{"version":"fba2cf348d9eb50b2049a73cc09313dab6d293f1","status":"affected","versionType":"git"},{"version":"5.7.15","lessThan":"5.8","status":"affected","versionType":"semver"},{"version":"5.8.2","lessThan":"5.9","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"],"versions":[{"version":"5.9","status":"affected"},{"version":"0","lessThan":"5.9","status":"unaffected","versionType":"semver"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"5.15.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.1.176"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.6.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.12.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.18.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"7.0.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"7.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a88b3293b556f4d8fba11db9a8061a6b0d3b69e6"},{"url":"https://git.kernel.org/stable/c/a03cdcedb2cbcc42551dc3e4746929e93c5352d5"},{"url":"https://git.kernel.org/stable/c/580f92f27cb8724bcc4be98ee89890eab524a2ae"},{"url":"https://git.kernel.org/stable/c/d0c8c4fbd22d260fe28530260656c5fb3c20ce84"},{"url":"https://git.kernel.org/stable/c/8a2126c5afe89f8ceeb60a3afb9f075b736194cd"},{"url":"https://git.kernel.org/stable/c/02e1b5c4d3b4c658b72c145427cded1bba613fc1"},{"url":"https://git.kernel.org/stable/c/5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6"}],"title":"net: mvpp2: refill RX buffers before XDP or skb use","x_generator":{"engine":"bippy-1.2.0"}}}}