Description
In the Linux kernel, the following vulnerability has been resolved:

nvmem: layouts: onie-tlv: fix hang on unknown types

The EEPROM on my board has a vendor specific entry of type 0x41. When
stumbling upon that, this driver hangs in an endless loop.

Fix it by continuing to increment the offset on unknown entries, so the loop
will eventually stop.
Published: 2026-07-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Linux kernel’s nvmem onie‑tlv layout handling code. When the driver parses an EEPROM entry of an unknown vendor‑specific type, the parsing loop never advances the offset, causing an endless iteration that stalls the driver and effectively renders the system unresponsive. This denial of service can cause kernel resource exhaustion or a system hang.
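
The stall described above, modeled as an added example; it is not the kernel driver's code and does not come from the CVE record. The 1-byte type / 1-byte length record layout, the `known_type` range, the `MAX_STEPS` watchdog and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified record layout: 1-byte type, 1-byte length, then value. */
#define TLV_HDR_LEN 2
#define MAX_STEPS   1000   /* watchdog so the stalled walk can be observed safely */

/* Hypothetical set of types the parser understands (constructed). */
static int known_type(uint8_t t) { return t >= 0x21 && t <= 0x2f; }

/*
 * Walk the records in buf and count the known ones.
 * advance_unknown == 0 models the hang: the offset moves only for known types.
 * advance_unknown == 1 models the fix: every record moves the offset.
 * Returns the number of known records, -1 if the watchdog fired (the loop
 * would never have ended), or -2 if a record runs past the buffer.
 */
int walk_tlv(const uint8_t *buf, size_t len, int advance_unknown)
{
    size_t off = 0;
    int known = 0;

    for (int steps = 0; off + TLV_HDR_LEN <= len; steps++) {
        if (steps >= MAX_STEPS)
            return -1;
        size_t rec = TLV_HDR_LEN + (size_t)buf[off + 1];
        if (rec > len - off)
            return -2;                 /* length field points outside the data */
        if (known_type(buf[off])) {
            known++;
            off += rec;
        } else if (advance_unknown) {
            off += rec;                /* skip the record we do not understand */
        }
        /* else: off is unchanged, so the same record is parsed again */
    }
    return known;
}

/* Constructed sample: two known records around a vendor record of type 0x41. */
const uint8_t sample[] = { 0x21, 0x02, 'a', 'b',  0x41, 0x03, 1, 2, 3,  0x23, 0x01, 'x' };

int main(void)
{
    printf("no advance on unknown: %d\n", walk_tlv(sample, sizeof sample, 0));
    printf("advance on unknown:    %d\n", walk_tlv(sample, sizeof sample, 1));
    return 0;
}
```

The bounds check on the length byte matters as much as the offset increment: skipping an unknown record by a length read from untrusted EEPROM contents must not move the offset past the end of the data.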

Affected Systems

All Linux kernel installations that include the onie‑tlv layout handler before the intervening patch are at risk. This includes the majority of distribution kernels that were built with the legacy loop logic and have not been updated to a kernel that incorporates the offset‑increment fix.

Risk and Exploitability

The likely attack vector is local: an adversary would need control over, or the ability to modify, the device’s EEPROM to insert an entry of an unknown type. In embedded systems where firmware can be altered the loop. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, implying limited evidence of public exploitation. Nonetheless, the high-impact denial-of-service nature of an infinite loop warrants immediate attention when vulnerable firmware is present.

Generated by OpenCVE AI on July 1, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the patch adding offset increment for unknown onie‑tlv entries
  • Implement write protection or signed firmware enforcement to prevent unauthorized EEPROM modification
  • If the onie‑tlv feature is unnecessary for the system, disable or prune the layout parsing logic from the kernel


Advisories

No advisories yet.

History

Thu, 02 Jul 2026 00:15:00 +0000


Wed, 01 Jul 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Wed, 01 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Wed, 01 Jul 2026 13:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknown entries, so the loop will eventually stop.
Title nvmem: layouts: onie-tlv: fix hang on unknown types
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-01T13:32:18.489Z

Reserved: 2026-06-09T07:44:35.399Z

Link: CVE-2026-53336

Vulnrichment

No data.

NVD

No data.

Redhat

Severity :

Public Date: 2026-07-01T00:00:00Z

Links: CVE-2026-53336 - Bugzilla

OpenCVE Enrichment

Updated: 2026-07-01T23:30:17Z

Weaknesses
  • CWE-835

    Loop with Unreachable Exit Condition ('Infinite Loop')