🔴 《严重安全漏洞：CVE-2026-53215》

CVSS 评分: 严重（9.8）　　状态: Received　　发布时间: 2026-06-25

---

英文原文描述

In the Linux kernel, the following vulnerability has been resolved:

net: mvpp2: refill RX buffers before XDP or skb use

The RX error path returns the current descriptor buffer to the hardware
BM pool. That is only valid while the driver still owns the buffer.

mvpp2_rx_refill() can fail after the current buffer has been handed to
XDP or attached to an skb. In those cases mvpp2_run_xdp() may have
recycled, redirected, or queued the page for XDP_TX, and an skb free also
retires the data buffer. Returning such a buffer to BM lets hardware DMA
into memory that is no longer owned by the RX ring.

Refill the BM pool before handing the current buffer to XDP or to the
skb. If the allocation fails there, drop the packet and return the
still-owned current buffer to BM, preserving the pool depth. Once the
refill succeeds, later local drops retire/free the current buffer instead
of returning it to BM.

---

🔍 技术细节

字段	值
CVE ID	CVE-2026-53215
CVSS 评分	9.8 🔴
严重程度	严重
CVSS 向量	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
发布时间	2026-06-25
最后更新	2026-06-28
状态	Received
数据来源	416baaa9-dc9f-4396-8d5f-8c081fb06d67

---

🔗 参考链接

• https://git.kernel.org/stable/c/02e1b5c4d3b4c658b72c145427cded1bba613fc1

• https://git.kernel.org/stable/c/580f92f27cb8724bcc4be98ee89890eab524a2ae

• https://git.kernel.org/stable/c/5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6

• https://git.kernel.org/stable/c/8a2126c5afe89f8ceeb60a3afb9f075b736194cd

• https://git.kernel.org/stable/c/a03cdcedb2cbcc42551dc3e4746929e93c5352d5

• https://git.kernel.org/stable/c/a88b3293b556f4d8fba11db9a8061a6b0d3b69e6

• https://git.kernel.org/stable/c/d0c8c4fbd22d260fe28530260656c5fb3c20ce84

• NVD 正式页面: https://nvd.nist.gov/vuln/detail/CVE-2026-53215

---

🤖 本文由 CVE 安全快讯机器人自动生成
英文描述已由 AI 自动翻译为中文，仅供参考，请以原文为准
数据来源: NVD (National Vulnerability Database) | 获取时间: 2026-06-28 18:14