—

CVE-2026-53306EXPLOITEDPATCHED

linux · linux kernel

tty: hvc_iucv: fix off-by-one in number of supported devices

Description

A vulnerability was found in Linux Kernel up to 7.0.9. It has been declared as critical. This vulnerability affects unknown code of the component tty. Such manipulation of the argument hvc_iucv_table[] leads to off-by-one. This vulnerability is documented as CVE-2026-53306. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

Affected Products

Vendor	Product	Versions
linux	linux kernel	44a01d5ba8a4d543694461cd3e178cfa6b3f221b, 44a01d5ba8a4d543694461cd3e178cfa6b3f221b, 44a01d5ba8a4d543694461cd3e178cfa6b3f221b, 44a01d5ba8a4d543694461cd3e178cfa6b3f221b, 44a01d5ba8a4d543694461cd3e178cfa6b3f221b, 44a01d5ba8a4d543694461cd3e178cfa6b3f221b, 44a01d5ba8a4d543694461cd3e178cfa6b3f221b, 44a01d5ba8a4d543694461cd3e178cfa6b3f221b, 2.6.29, 7.0.9

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
linux	linux	mitre_affected	90%

References

Related News (3 articles)

Tier A

Microsoft MSRC2h ago

CVE-2026-53306 tty: hvc_iucv: fix off-by-one in number of supported devices

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-53306 | Linux Kernel up to 7.0.9 tty hvc_iucv_table[] off-by-one

→ No new info (linked only)

Tier C

Linux Kernel CVEs1d ago

CVE-2026-53306: tty: hvc_iucv: fix off-by-one in number of supported devices

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

3d3b89e6ab93bdd0efd45828bda6b0e61cc46dff484357dff256c816d9466bda35eb765685e4dc8611207e42a332eb8bbcb9fe74df9edd2a807c5607fed8b8f33a46db0ee2efdb000f4f630c86ed8ca4a76511bc654819425d3b15e77b523d7f9d81f0643104a3f40feb107f77d7116ad9bf6c210ab7babff1dc8e72de9aabe5d96767a4e97219ac26b79fe5f2a880e802ad12d1e38039d1334fb1475d0f524105.10.2585.15.2096.1.1756.6.1416.12.916.18.337.0.107.1

PublishedJun 26, 2026

Last enriched1d agov3

Trending Score65

Source articles3

Independent3

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-31431EXPKEV

crypto: algif_aead - Revert to operating out-of-place

Trending: 111

HIGHCVE-2026-43284EXPKEV

xfrm: esp: avoid in-place decrypt on shared skb frags

Trending: 106

HIGHCVE-2026-43500EXPKEV

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

Trending: 100

HIGHCVE-2026-46243EXP

smb: client: reject userspace cifs.spnego descriptions

Trending: 86

HIGHCVE-2026-46333EXP

ptrace: slightly saner 'get_dumpable()' logic

Trending: 70

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 26, 2026

Discovered by ZDM

Jun 26, 2026

Updated: affectedVersions, cweIds

Jun 26, 2026

Actively Exploited

Jun 26, 2026

Patch Available

Jun 26, 2026

Updated: description, affectedVersions, severity, activelyExploited

Jun 26, 2026

Version History

Last enriched 1d ago

v3Tier C1d ago

Updated description with critical severity, added affected version 7.0.9, and noted that no exploit is available.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v2Tier C1d ago

Updated description with more technical detail, added affected version 2.6.29, changed severity to HIGH, added CWE-119, and marked exploit available and actively exploited.

affectedVersionscweIds

via Linux Kernel CVEs

v11d ago

Initial creation