CVE-2026-23253 — Improper Control of a Resource Through its Lifetime in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 18
Description
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the
DVR device. dvb_ringbuffer_init() calls init_waitqueue_head(), which
reinitializes the waitqueue list head to empty.
Since dmxdev->dvr_buffer.queue is a shared waitqueue (all opens of the
same DVR device share it), this orphans any existing waitqueue entries
from io_uring poll or epoll, le…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5linux/linux34731df288a5ffe4b0c396caf8cd24c6a710a222 — f1e520ca2e83ece6731af6167c9e5e16931ecba0+6
🔴Vulnerability Details
4OSV▶
CVE-2026-23253: In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open()↗2026-03-18
GHSA▶
GHSA-2m3p-78c9-6w3j: In the Linux kernel, the following vulnerability has been resolved:
media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
dvb_dvr_open↗2026-03-18
📋Vendor Advisories
3Debian▶
CVE-2026-23253: linux - In the Linux kernel, the following vulnerability has been resolved: media: dvb-...↗2026