Description
In the Linux kernel, the following vulnerability has been resolved:

net_sched: fix skb memory leak in deferred qdisc drops

When the network stack cleans up the deferred list via qdisc_run_end(),
it operates on the root qdisc. If the root qdisc does not implement the
TCQ_F_DEQUEUE_DROPS flag, the packets queued to free are never freed and
get stranded on the child's local to_free list.

Fix this by making qdisc_dequeue_drop() aware of the root qdisc. It
fetches the root qdisc and checks for the TCQ_F_DEQUEUE_DROPS flag. If
the flag is present, the packet is appended directly to the root's
to_free list. Otherwise, drop it directly as it was done before the
optimization was implemented.
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s network scheduler suffered a memory leak caused by deferred queue discipline (qdisc) drops. When the root qdisc does not implement the TCQ_F_DEQUEUE_DROPS flag, packets queued for dropping are never freed and accumulate in a child list, inflating kernel memory usage. This uncontrolled growth can exhaust available memory, leading to system slowdown or crash. The weakness is a classic resource leak (CWE‑401).
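The leak and the fix in the description above, reduced to a user-space C model. This is an added example, not kernel code or code from the patch: `struct qdisc`, `struct pkt`, `drop_before`, `drop_after`, `run_end` and `stranded` are hypothetical names, and `DEQUEUE_DROPS` stands in for TCQ_F_DEQUEUE_DROPS.

```c
#include <stdlib.h>
#define DEQUEUE_DROPS 0x1            /* model stand-in for TCQ_F_DEQUEUE_DROPS */
struct pkt { struct pkt *next; };
struct qdisc {
    unsigned flags;
    struct qdisc *root;              /* root of the hierarchy (itself for the root) */
    struct pkt *to_free;             /* deferred-drop list */
};
static int live_pkts;                /* packets allocated and not yet freed */
static void pkt_free(struct pkt *p) { live_pkts--; free(p); }
static void defer(struct qdisc *q, struct pkt *p) { p->next = q->to_free; q->to_free = p; }

/* Before the fix: the drop is parked on the qdisc that dequeued it. */
static void drop_before(struct qdisc *q, struct pkt *p) { defer(q, p); }

/* After the fix: defer only if the root will flush, else free at once. */
static void drop_after(struct qdisc *q, struct pkt *p)
{
    if (q->root->flags & DEQUEUE_DROPS)
        defer(q->root, p);
    else
        pkt_free(p);
}

/* End-of-run cleanup only ever looks at the root qdisc. */
static void run_end(struct qdisc *root)
{
    if (!(root->flags & DEQUEUE_DROPS))
        return;
    while (root->to_free) {
        struct pkt *p = root->to_free;
        root->to_free = p->next;
        pkt_free(p);
    }
}

/* Packets still allocated after n drops on a child qdisc and one cleanup. */
int stranded(int fixed, unsigned root_flags, int n)
{
    struct qdisc root = { root_flags, &root, NULL };
    struct qdisc child = { DEQUEUE_DROPS, &root, NULL };
    live_pkts = 0;
    for (int i = 0; i < n; i++) {
        struct pkt *p = calloc(1, sizeof(*p));
        live_pkts++;
        (fixed ? drop_after : drop_before)(&child, p);
    }
    run_end(&root);
    return live_pkts;
}
```

With a root that lacks the flag, the unfixed path leaves every dropped packet allocated after cleanup, while the fixed path leaves none.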

Affected Systems

All Linux kernel implementations prior to the application of the fix are potentially affected, including the kernels shipped with most Linux‑based operating systems. No specific version range is listed; kernels that have received the patch are not affected.

Risk and Exploitability

The CVSS score is unavailable, and the EPSS score is unspecified. Based on the description, it can be inferred that an attacker could trigger the memory leak by generating high‑volume traffic that causes packets to be queued for deferred drops. The likely attack vector is network traffic directed at a vulnerable device, using crafted or excessive packets to activate the de‑queuing pathway. However, no evidence of successful exploitation exists; this assessment is inferred from the reported behavior. Although the vulnerability is not listed in the CISA KEV catalog, the potential for kernel memory exhaustion makes it a moderate to high risk for hosts handling large network loads, such as routers or servers.

Generated by OpenCVE AI on June 24, 2026 at 20:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel release that contains the net_sched skb memory leak fix.
  • Configure the default qdisc to a discipline that implements the TCQ_F_DEQUEUE_DROPS flag (e.g., pq, qfq) so that packets are removed from the root to_free list immediately.
  • Reduce the size of deferred drop queues or the maximum pending packet count using sysctl or qdisc parameters to limit potential memory buildup.


Advisories

No advisories yet.

History

Wed, 24 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net_sched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdisc_run_end(), it operates on the root qdisc. If the root qdisc does not implement the TCQ_F_DEQUEUE_DROPS flag, the packets queued to free are never freed and get stranded on the child's local to_free list. Fix this by making qdisc_dequeue_drop() aware of the root qdisc. It fetches the root qdisc and checks for the TCQ_F_DEQUEUE_DROPS flag. If the flag is present, the packet is appended directly to the root's to_free list. Otherwise, drop it directly as it was done before the optimization was implemented.
Title net_sched: fix skb memory leak in deferred qdisc drops
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:20.163Z

Reserved: 2026-06-09T07:44:35.383Z

Link: CVE-2026-53079

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T21:00:11Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime