CVE-2026-53324 in Linuxinfo

Summary

by MITRE • 06/26/2026

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Use pci_name() for debugfs directory naming

Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issues:

1. pci_slot_name() dereferences pdev->slot, which can be NULL for VFs in environments like generic VFIO passthrough or nested KVM, causing a NULL pointer dereference.

2. Multiple PFs would all use "0", and VFs across different PCI domains or buses could share the same slot name, leading to -EEXIST errors from debugfs_create_dir().

pci_name(pdev) returns the unique BDF address, is always valid, and is unique across the system.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Linux

Reservation

06/09/2026

Disclosure

06/26/2026

Moderation

accepted

Entry

VDB-374395

CPE

ready

CWE

CWE-476 (confirmed)

CVSS

4.8 (VulDB)

EPSS

0.00000

KEV

Activities

very low

Sector

Agriculture, Chemical, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-53324
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-53324
CVE Details	https://www.cvedetails.com/cve/CVE-2026-53324/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!