1. Home
  2. Vulnerabilities
  3. CVE-2026-53124
0.0
NA
CVE-2026-53124
ublk: reset per-IO canceled flag on each fetch
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: ublk: reset per-IO canceled flag on each fetch If a ublk server starts recovering devices but dies before issuing fetch commands for all IOs, cancellation of the fetch commands that were successfully issued may never complete. This is because the per-IO canceled flag can remain set even after the fetch for that IO has been submitted - the per-IO canceled flags for all IOs in a queue are reset together only once all IOs for that queue have been fetched. So if a nonempty proper subset of the IOs for a queue are fetched when the ublk server dies, the IOs in that subset will never successfully be canceled, as their canceled flags remain set, and this prevents ublk_cancel_cmd from actually calling io_uring_cmd_done on the commands, despite the fact that they are outstanding. Fix this by resetting the per-IO cancel flags immediately when each IO is fetched instead of waiting for all IOs for the queue (which may never happen).

Details
INFO

Published Date :

June 24, 2026, 4:30 p.m.

Last Modified :

June 24, 2026, 4:30 p.m.

Remotely Exploit :

No

Source :

Linux
Impact
Affected Products

The following products are affected by CVE-2026-53124 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Reset per-IO canceled flags immediately upon fetch to ensure timely cancellation.
  • Apply the Linux kernel patch for the ublk: reset per-IO canceled flag issue.
  • Ensure all submitted IOs are properly canceled upon fetch.
  • Test device recovery and IO cancellation logic.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-53124 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.