CVE-2026-53369
udf: reject descriptors with oversized CRC length
Description
In the Linux kernel, the following vulnerability has been resolved: udf: reject descriptors with oversized CRC length udf_read_tagged() skips CRC verification when descCRCLength + sizeof(struct tag) exceeds the block size. A crafted UDF image can set descCRCLength to an oversized value to bypass CRC validation entirely; the descriptor is then accepted based solely on the 8-bit tag checksum, which is trivially recomputable. Reject such descriptors instead of silently accepting them. A legitimate single-block descriptor should never have a CRC length that exceeds the block.
INFO
Published Date :
July 19, 2026, 9:17 a.m.
Last Modified :
July 19, 2026, 9:17 a.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2026-53369
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Update the Linux kernel to include the fix.
- Apply the patch for the udf_read_tagged function.
- Ensure CRC verification is not skipped for oversized descriptors.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-53369.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-53369 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-53369
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-53369 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-53369 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jul. 19, 2026
Action Type Old Value New Value Added Affected [{'repo': 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git', 'vendor': 'Linux', 'product': 'Linux', 'versions': [{'status': 'affected', 'version': '1da177e4c3f41524e886b7f1b8a0c1fc7321cac2', 'lessThan': '832ab4a882dc9b3c0155490d9993642ef545fd22', 'versionType': 'git'}, {'status': 'affected', 'version': '1da177e4c3f41524e886b7f1b8a0c1fc7321cac2', 'lessThan': '7d1b6adbf90df6c8941090d5646fbeca25ba9770', 'versionType': 'git'}, {'status': 'affected', 'version': '1da177e4c3f41524e886b7f1b8a0c1fc7321cac2', 'lessThan': '3dede76d525919bb966f9213e131af685de5ff99', 'versionType': 'git'}, {'status': 'affected', 'version': '1da177e4c3f41524e886b7f1b8a0c1fc7321cac2', 'lessThan': '50dfaf4a027742b4fcdc3e9305e7199ece9bc6a6', 'versionType': 'git'}, {'status': 'affected', 'version': '1da177e4c3f41524e886b7f1b8a0c1fc7321cac2', 'lessThan': '31605bbe94557bff721eaf041001169d44ac6f98', 'versionType': 'git'}, {'status': 'affected', 'version': '1da177e4c3f41524e886b7f1b8a0c1fc7321cac2', 'lessThan': '1873eb81c65d3f849418d7386baa39c439c9fc38', 'versionType': 'git'}, {'status': 'affected', 'version': '1da177e4c3f41524e886b7f1b8a0c1fc7321cac2', 'lessThan': 'fdb26e628d2a211a23815d375bd33bdf863344e2', 'versionType': 'git'}, {'status': 'affected', 'version': '1da177e4c3f41524e886b7f1b8a0c1fc7321cac2', 'lessThan': '55d41b0a20128e86b9e960dd2e3f0a2d69a18df7', 'versionType': 'git'}], 'programFiles': ['fs/udf/misc.c'], 'defaultStatus': 'unaffected'}, {'repo': 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git', 'vendor': 'Linux', 'product': 'Linux', 'versions': [{'status': 'affected', 'version': '2.6.12'}, {'status': 'unaffected', 'version': '0', 'lessThan': '2.6.12', 'versionType': 'semver'}, {'status': 'unaffected', 'version': '5.10.258', 'versionType': 'semver', 'lessThanOrEqual': '5.10.*'}, {'status': 'unaffected', 'version': '5.15.209', 'versionType': 'semver', 'lessThanOrEqual': '5.15.*'}, {'status': 'unaffected', 'version': '6.1.175', 'versionType': 'semver', 'lessThanOrEqual': '6.1.*'}, {'status': 'unaffected', 'version': '6.6.140', 'versionType': 'semver', 'lessThanOrEqual': '6.6.*'}, {'status': 'unaffected', 'version': '6.12.88', 'versionType': 'semver', 'lessThanOrEqual': '6.12.*'}, {'status': 'unaffected', 'version': '6.18.30', 'versionType': 'semver', 'lessThanOrEqual': '6.18.*'}, {'status': 'unaffected', 'version': '7.0.7', 'versionType': 'semver', 'lessThanOrEqual': '7.0.*'}, {'status': 'unaffected', 'version': '7.1', 'versionType': 'original_commit_for_fix', 'lessThanOrEqual': '*'}], 'programFiles': ['fs/udf/misc.c'], 'defaultStatus': 'affected'}] Added Description In the Linux kernel, the following vulnerability has been resolved: udf: reject descriptors with oversized CRC length udf_read_tagged() skips CRC verification when descCRCLength + sizeof(struct tag) exceeds the block size. A crafted UDF image can set descCRCLength to an oversized value to bypass CRC validation entirely; the descriptor is then accepted based solely on the 8-bit tag checksum, which is trivially recomputable. Reject such descriptors instead of silently accepting them. A legitimate single-block descriptor should never have a CRC length that exceeds the block. Added Reference https://git.kernel.org/stable/c/1873eb81c65d3f849418d7386baa39c439c9fc38 Added Reference https://git.kernel.org/stable/c/31605bbe94557bff721eaf041001169d44ac6f98 Added Reference https://git.kernel.org/stable/c/3dede76d525919bb966f9213e131af685de5ff99 Added Reference https://git.kernel.org/stable/c/50dfaf4a027742b4fcdc3e9305e7199ece9bc6a6 Added Reference https://git.kernel.org/stable/c/55d41b0a20128e86b9e960dd2e3f0a2d69a18df7 Added Reference https://git.kernel.org/stable/c/7d1b6adbf90df6c8941090d5646fbeca25ba9770 Added Reference https://git.kernel.org/stable/c/832ab4a882dc9b3c0155490d9993642ef545fd22 Added Reference https://git.kernel.org/stable/c/fdb26e628d2a211a23815d375bd33bdf863344e2