{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53353","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.400Z","datePublished":"2026-07-01T13:32:29.699Z","dateUpdated":"2026-07-01T13:32:29.699Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-07-01T13:32:29.699Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Remove WARN_ONCE() in hsr_addr_is_self().\n\nsyzbot reported the warning [0] in hsr_addr_is_self(),\nwhose assumption is simply wrong.\n\nhsr->self_node is cleared in hsr_del_self_node(), which\nis called from hsr_dellink().\n\nSince dev->rtnl_link_ops->dellink() is called before\nunregister_netdevice_many(), there is a window when\nuser can find the device but without hsr->self_node.\n\nLet's remove WARN_ONCE() in hsr_addr_is_self().\n\n[0]:\nHSR: No self node\nWARNING: net/hsr/hsr_framereg.c:39 at hsr_addr_is_self+0x211/0x3f0 net/hsr/hsr_framereg.c:39, CPU#0: syz.4.16848/17220\nModules linked in:\nCPU: 0 UID: 0 PID: 17220 Comm: syz.4.16848 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)}\nTainted: [L]=SOFTLOCKUP\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026\nRIP: 0010:hsr_addr_is_self+0x211/0x3f0 net/hsr/hsr_framereg.c:39\nCode: 33 2f 41 0f b7 dd 89 ee 09 de 31 ff e8 c8 b4 c6 f6 09 dd 74 54 e8 0f b0 c6 f6 31 ed eb 53 e8 06 b0 c6 f6 48 8d 3d 2f 50 9c 04 <67> 48 0f b9 3a 31 ed eb 42 e8 c1 13 1f 00 89 c5 31 ff 89 c6 e8 96\nRSP: 0018:ffffc900041c70e0 EFLAGS: 00010283\nRAX: ffffffff8afdc6ca RBX: ffffffff8afdc4e6 RCX: 0000000000080000\nRDX: ffffc90010493000 RSI: 0000000000000948 RDI: ffffffff8f9a1700\nRBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc900041c71e8 R11: fffff52000838e3f R12: dffffc0000000000\nR13: ffff888041f9e3c0 R14: ffff888086ee3802 R15: 0000000000000000\nFS:  00007f6fe985d6c0(0000) GS:ffff888126176000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f80bd437dac CR3: 0000000025096000 CR4: 00000000003526f0\nDR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002\nDR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n check_local_dest net/hsr/hsr_forward.c:592 [inline]\n fill_frame_info net/hsr/hsr_forward.c:728 [inline]\n hsr_forward_skb+0xa11/0x2a80 net/hsr/hsr_forward.c:739\n hsr_dev_xmit+0x253/0x370 net/hsr/hsr_device.c:236\n __netdev_start_xmit include/linux/netdevice.h:5368 [inline]\n netdev_start_xmit include/linux/netdevice.h:5377 [inline]\n xmit_one net/core/dev.c:3888 [inline]\n dev_hard_start_xmit+0x2df/0x860 net/core/dev.c:3904\n __dev_queue_xmit+0x1428/0x3900 net/core/dev.c:4870\n neigh_output include/net/neighbour.h:556 [inline]\n ip_finish_output2+0xcec/0x10b0 net/ipv4/ip_output.c:237\n ip_send_skb net/ipv4/ip_output.c:1510 [inline]\n ip_push_pending_frames+0x8b/0x110 net/ipv4/ip_output.c:1530\n raw_sendmsg+0x1547/0x1a50 net/ipv4/raw.c:659\n sock_sendmsg_nosec net/socket.c:787 [inline]\n __sock_sendmsg net/socket.c:802 [inline]\n ____sys_sendmsg+0x7da/0x9c0 net/socket.c:2698\n ___sys_sendmsg+0x2a5/0x360 net/socket.c:2752\n __sys_sendmsg net/socket.c:2784 [inline]\n __do_sys_sendmsg net/socket.c:2789 [inline]\n __se_sys_sendmsg net/socket.c:2787 [inline]\n __x64_sys_sendmsg+0x1c3/0x2a0 net/socket.c:2787\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f6feb62ce59\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f6fe985d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f6feb8a6090 RCX: 00007f6feb62ce59\nRDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004\nRBP: 00007f6feb6c2d6f R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f6feb8a6128 R14: 00007f6feb8a6090 R15: 00007ffcf01cc488\n </TASK>"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/hsr/hsr_framereg.c"],"versions":[{"version":"f266a683a4804dc499efc6c2206ef68efed029d0","lessThan":"271355c2ef6171dbc815e7ae653eed63444bbd58","status":"affected","versionType":"git"},{"version":"f266a683a4804dc499efc6c2206ef68efed029d0","lessThan":"0232b6fcb7615fb7fecfe0727a23065a53e228b8","status":"affected","versionType":"git"},{"version":"f266a683a4804dc499efc6c2206ef68efed029d0","lessThan":"66a46e22396fd5d09606f37f73643eb20e99aa42","status":"affected","versionType":"git"},{"version":"f266a683a4804dc499efc6c2206ef68efed029d0","lessThan":"d71bb171661ec0225bf4babdd4d296d744982fb3","status":"affected","versionType":"git"},{"version":"f266a683a4804dc499efc6c2206ef68efed029d0","lessThan":"afd0f17ca46258cec3a5cc48b8df9327fe772490","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/hsr/hsr_framereg.c"],"versions":[{"version":"3.17","status":"affected"},{"version":"0","lessThan":"3.17","status":"unaffected","versionType":"semver"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.6.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.12.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"6.18.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"7.0.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/271355c2ef6171dbc815e7ae653eed63444bbd58"},{"url":"https://git.kernel.org/stable/c/0232b6fcb7615fb7fecfe0727a23065a53e228b8"},{"url":"https://git.kernel.org/stable/c/66a46e22396fd5d09606f37f73643eb20e99aa42"},{"url":"https://git.kernel.org/stable/c/d71bb171661ec0225bf4babdd4d296d744982fb3"},{"url":"https://git.kernel.org/stable/c/afd0f17ca46258cec3a5cc48b8df9327fe772490"}],"title":"hsr: Remove WARN_ONCE() in hsr_addr_is_self().","x_generator":{"engine":"bippy-1.2.0"}}}}