Description
In the Linux kernel, the following vulnerability has been resolved:

io_uring/napi: cap busy_poll_to 10 msec

Currently there's no cap on the maximum amount of time that napi is
allowed to poll if no events are found, which can lead to kernel
complaints on a task being stuck as there's no conditional rescheduling
done within that loop.

Just cap it to 10 msec in total, that's already way above any kind of
sane value that will reap any benefits, yet low enough that it's
nowhere near being able to trigger preemption complaints.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the Linux kernel lacking a cap on busy_poll activity in the io_uring implementation, allowing a NAPI polling loop to run indefinitely when no events are found. This can cause the kernel to complain that a task is stuck because there is no conditional rescheduling within the loop, potentially leading to kernel stability issues or denial of service at the system level.

Affected Systems

The affected product is the Linux kernel provided by the Linux vendor. No specific version range is identified in the data.

Risk and Exploitability

The weakness is a local kernel issue that may be io_uring with busy_poll enabled. The CVSS score is 5.5, the EPSS score is < 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating limited publicly known exploitation but a potential on a target system. The attack vector is inferred to be local or via privileged code interacting with io_uring.

Generated by OpenCVE AI on June 29, 2026 at 13:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes the busy_poll cap fix.
  • Ensure applications using io_uring do not enable idle busy_poll or constrain the busy_poll setting.
  • If an immediate kernel upgrade is not possible, disable busy_poll functionality in the application or configure system parameters to limit polling times.

Generated by OpenCVE AI on June 29, 2026 at 13:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-835
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 26 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional rescheduling done within that loop. Just cap it to 10 msec in total, that's already way above any kind of sane value that will reap any benefits, yet low enough that it's nowhere near being able to trigger preemption complaints.
Title io_uring/napi: cap busy_poll_to 10 msec
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:12.589Z

Reserved: 2026-06-09T07:44:35.398Z

Link: CVE-2026-53321

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53321 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T13:45:07Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption

  • CWE-835

    Loop with Unreachable Exit Condition ('Infinite Loop')