PT-2026-52338 · Linux · Linux

Published

2026-06-25

Updated

2026-06-25

CVE-2026-53243

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

rseq: Fix using an uninitialized stack variable in rseq exit user update()

There is an bug in which an uninitialized stack variable is used in rseq exit user update() as reported by syzbot:

BUG: KMSAN: kernel-infoleak in rseq set ids get csaddr include/linux/rseq entry.h:502 [inline]

The local variable:

struct rseq ids ids = {
	.cpu id	 = task cpu(t),
	.mm cid	 = task mm cid(t),
	.node id = cpu to node(ids.cpu id),
};

According to the C standard, the evaluation order of expressions in an initializer list is indeterminately sequenced. The compiler (Clang, in this KMSAN build) evaluates cpu to node(ids.cpu id) before ids.cpu id is initialized with task cpu(t).

This is fixed by moving the assignment of ids.node id outside the structure initialization.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-53243

Affected Products

Linux

PT-2026-52338 · Linux · Linux

CVE-2026-53243

Related Identifiers

Affected Products

References · 3