🔴 严重 | CVE-2026-53055 — In the Linux kernel, the following vulnerability h...
🔴 《严重安全漏洞:CVE-2026-53055》
CVSS 评分: 严重(9.8) 状态: Received 发布时间: 2026-06-24
英文原文描述
In the Linux kernel, the following vulnerability has been resolved:
crypto: hisilicon/sec2 - prevent req used-after-free for sec
During packet transmission, if the system is under heavy load,
the hardware might complete processing the packet and free the
request memory (req) before the transmission function finishes.
If the software subsequently accesses this req, a use-after-free
error will occur. The qp_ctx memory exists throughout the packet
sending process, so replace the req with the qp_ctx.
🔍 技术细节
| 字段 | 值 |
|---|---|
| CVE ID | CVE-2026-53055 |
| CVSS 评分 | 9.8 🔴 |
| 严重程度 | 严重 |
| CVSS 向量 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 发布时间 | 2026-06-24 |
| 最后更新 | 2026-06-28 |
| 状态 | Received |
| 数据来源 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
🔗 参考链接
https://git.kernel.org/stable/c/67b53a660e6bf0da2fa8d8872e897a14d8059eaf
https://git.kernel.org/stable/c/ad73563f3a1edbfddf2724136c6a15826b354e18
https://git.kernel.org/stable/c/b375c3c7209cc59e40e97998aa9bc768369cca0e
🤖 本文由 CVE 安全快讯机器人自动生成
英文描述已由 AI 自动翻译为中文,仅供参考,请以原文为准
数据来源: NVD (National Vulnerability Database) | 获取时间: 2026-06-28 18:14