| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2026-53033 | 24 Jun 2026 16:29 | – | cve | |
| CVE-2026-53033 bpf, sockmap: Take state lock for af_unix iter | 24 Jun 2026 16:29 | – | cvelist | |
| CVE-2026-53033 | 24 Jun 2026 16:29 | – | debiancve | |
| EUVD-2026-38901 | 24 Jun 2026 18:32 | – | euvd | |
| CVE-2026-53033 | 24 Jun 2026 17:17 | – | nvd | |
| DEBIAN-CVE-2026-53033 | 24 Jun 2026 17:17 | – | osv | |
| ECHO-93DD-51FB-100F | 25 Jun 2026 09:55 | – | osv | |
| UBUNTU-CVE-2026-53033 | 24 Jun 2026 17:17 | – | osv | |
| PT-2026-51927 | 24 Jun 2026 00:00 | – | ptsecurity | |
| CVE-2026-53033 | 25 Jun 2026 18:16 | – | redhatcve | |
| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2026-53033 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Plugin registration block: runs only when `description` is set, records the
# plugin's metadata and prerequisites, and leaves through the exit(0) at the end
# of the block, so none of the check logic below it runs in this mode.
if (description)
{
script_id(322584);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/25");
script_cve_id("CVE-2026-53033");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-53033");
# NOTE(review): the synopsis says the vendor "indicates will not be patched",
# while the description says "without a vendor supplied patch available". Those
# are different remediation states (won't-fix vs. fix pending); confirm which
# one applies against the tracker entry linked in see_also.
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
# The description embeds the upstream commit message, including the KASAN
# slab-use-after-free report and the alloc/free stacks for the stale peer socket.
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- bpf, sockmap: Take state lock for af_unix iter When a BPF iterator program updates a sockmap, there is a
race condition in unix_stream_bpf_update_proto() where the `peer` pointer can become stale[1] during a
state transition TCP_ESTABLISHED -> TCP_CLOSE. CPU0 bpf CPU1 close -------- ---------- //
unix_stream_bpf_update_proto() sk_pair = unix_peer(sk) if (unlikely(!sk_pair)) return -EINVAL; //
unix_release_sock() skpair = unix_peer(sk); unix_peer(sk) = NULL; sock_put(skpair) sock_hold(sk_pair) //
UaF More practically, this fix guarantees that the iterator program is consistently provided with a unix
socket that remains stable during iterator execution. [1]: BUG: KASAN: slab-use-after-free in
unix_stream_bpf_update_proto+0x155/0x490 Write of size 4 at addr ffff8881178c9a00 by task test_progs/2231
Call Trace: dump_stack_lvl+0x5d/0x80 print_report+0x170/0x4f3 kasan_report+0xe4/0x1c0
kasan_check_range+0x125/0x200 unix_stream_bpf_update_proto+0x155/0x490 sock_map_link+0x71c/0xec0
sock_map_update_common+0xbc/0x600 sock_map_update_elem+0x19a/0x1f0
bpf_prog_bbbf56096cdd4f01_selective_dump_unix+0x20c/0x217 bpf_iter_run_prog+0x21e/0xae0
bpf_iter_unix_seq_show+0x1e0/0x2a0 bpf_seq_read+0x42c/0x10d0 vfs_read+0x171/0xb20 ksys_read+0xff/0x200
do_syscall_64+0xf7/0x5e0 entry_SYSCALL_64_after_hwframe+0x76/0x7e Allocated by task 2236:
kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x63/0x80
kmem_cache_alloc_noprof+0x1d5/0x680 sk_prot_alloc+0x59/0x210 sk_alloc+0x34/0x470 unix_create1+0x86/0x8a0
unix_stream_connect+0x318/0x15b0 __sys_connect+0xfd/0x130 __x64_sys_connect+0x72/0xd0
do_syscall_64+0xf7/0x5e0 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 2236:
kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x70
__kasan_slab_free+0x47/0x70 kmem_cache_free+0x11c/0x590 __sk_destruct+0x432/0x6e0
unix_release_sock+0x9b3/0xf60 unix_release+0x8a/0xf0 __sock_release+0xb0/0x270 sock_close+0x18/0x20
__fput+0x36e/0xac0 fput_close_sync+0xe5/0x1a0 __x64_sys_close+0x7d/0xd0 do_syscall_64+0xf7/0x5e0
entry_SYSCALL_64_after_hwframe+0x76/0x7e (CVE-2026-53033)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-53033");
# NOTE(review): no mitigation is offered. The description's title line names
# the upstream change ("Take state lock for af_unix iter"), so remediation is
# presumably a distro kernel update that carries it; follow the see_also link
# for fix status rather than treating this text as final.
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
# NOTE(review): both base vectors declare a network-reachable, unauthenticated
# attack (AV:N with Au:N / PR:N) and full C/I/A impact. The description above
# describes a race hit when a BPF iterator program updates a sockmap while an
# af_unix peer closes, which reads as a locally triggered path. The vector may
# be a generic default; confirm it against the scoring source before using it
# to prioritise.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
# Temporal metrics: E:U (exploit unproven) and RL:U (no remediation available)
# line up with the exploit_available=false and vendor_unpatched=true attributes below.
script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-53033");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/25");
# Declared as a local check: the result comes from data collected on the host,
# not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# Two CPE entries: the operating system (Debian 12) and the Debian `linux` package.
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: the two dependency scripts presumably populate the Host/* KB
# entries required below (confirm against those plugins). The required keys
# include the "global_settings/vendor_unpatched" opt-in, and the
# script_require_ports() argument is a KB key name for Debian 12, not a numeric port.
script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
script_require_ports("Host/OS/Debian Linux-12");
exit(0);
}
# Opt-in gate: the check is skipped, with an informational exit, unless the
# scan has "global_settings/vendor_unpatched" set in the KB.
if (!get_kb_item("global_settings/vendor_unpatched"))
{
  exit(0, "Unpatched Vulnerabilities Detection not active.");
}

# The result is derived from locally collected host data, so local checks
# must be enabled for the target.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Without the dpkg package listing in the KB there is nothing to match the
# package references against.
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l")))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Brings in the linux_unpatched:: helpers called further down.
include('linux_unpatched.inc');
# Constraint table passed to linux_unpatched::get_distro_constraints(): one
# entry keyed by distro ("Debian Linux-12"), naming the package-manager listing
# to consult ("dpkg-l"), the release ("12") and the package references to look for.
#
# NOTE(review): every entry carries only a "reference" name, with no version
# bound visible here, so matching presumably rests on package presence alone,
# as the plugin description's closing note says. Confirm in linux_unpatched.inc.
#
# NOTE(review): the list holds documentation, source, header and support
# packages plus "-alpha-generic-di" installer module packages; no linux-image
# package for the running kernel appears. A match therefore does not by itself
# show that the booted kernel contains the affected code, and a host running an
# affected kernel without any of these packages would presumably not be
# reported. Corroborate findings with the running kernel version.
var distro_constraints_array = {
"Debian Linux-12": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "12",
"pkgs": [
{"reference": "btrfs-modules-6.1.0-47-alpha-generic-di"},
{"reference": "cdrom-core-modules-6.1.0-47-alpha-generic-di"},
{"reference": "ext4-modules-6.1.0-47-alpha-generic-di"},
{"reference": "fat-modules-6.1.0-47-alpha-generic-di"},
{"reference": "isofs-modules-6.1.0-47-alpha-generic-di"},
{"reference": "jfs-modules-6.1.0-47-alpha-generic-di"},
{"reference": "kernel-image-6.1.0-47-alpha-generic-di"},
{"reference": "linux-doc"},
{"reference": "linux-doc-6.1"},
{"reference": "linux-headers-6.1.0"},
{"reference": "linux-source"},
{"reference": "linux-source-6.1"},
{"reference": "linux-support-6.1.0"},
{"reference": "loop-modules-6.1.0-47-alpha-generic-di"},
{"reference": "nic-modules-6.1.0-47-alpha-generic-di"},
{"reference": "nic-shared-modules-6.1.0-47-alpha-generic-di"},
{"reference": "nic-wireless-modules-6.1.0-47-alpha-generic-di"},
{"reference": "pata-modules-6.1.0-47-alpha-generic-di"},
{"reference": "ppp-modules-6.1.0-47-alpha-generic-di"},
{"reference": "scsi-core-modules-6.1.0-47-alpha-generic-di"},
{"reference": "scsi-modules-6.1.0-47-alpha-generic-di"},
{"reference": "scsi-nic-modules-6.1.0-47-alpha-generic-di"},
{"reference": "serial-modules-6.1.0-47-alpha-generic-di"},
{"reference": "usb-serial-modules-6.1.0-47-alpha-generic-di"},
{"reference": "xfs-modules-6.1.0-47-alpha-generic-di"}
]
}
]
}
};
# Resolve the constraint table for this host; an empty result is audited as
# "not affected".
var applicable_constraints = linux_unpatched::get_distro_constraints(
  distro_constraints_arr:distro_constraints_array
);
if (empty_or_null(applicable_constraints))
{
  audit(AUDIT_HOST_NOT, 'affected');
}

# Evaluate the constraints; the helper's return value becomes the report text.
var findings = linux_unpatched::check_unpatched_constraints(
  distro_constraints_values:applicable_constraints
);

if (empty_or_null(findings))
{
  # Nothing matched: record the host as not affected.
  audit(AUDIT_HOST_NOT, 'affected');
}
else
{
  # NOTE(review): severity is fixed at SECURITY_WARNING here while the metadata
  # carries C:H/I:H/A:H base vectors; confirm which of the two drives the
  # rating shown to the analyst.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : findings
  );
  exit(0);
}