CVE-2026-52910

HIGHPre-NVD 7.87.8
EchelonGraph scoreHIGH confidence

Score 7.8 from GitHub Security Advisory (severity: HIGH) published 2026-06-19. a secondary CVSS source baseline 7.8; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, secondary
Trending — 3 sources updated this week
7.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 0%CVSS: 7.8Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

bpf: Free reuseport cBPF prog after RCU grace period.

Eulgyu Kim reported the splat below with a repro. [0]

The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a UDP packet to the group.

The reuseport prog is freed by sk_reuseport_prog_free(). bpf_prog_put() is called for "e"BPF prog to destruct through multiple stages while cBPF prog is freed immediately by bpf_release_orig_filter() and bpf_prog_free().

If a reuseport prog is detached from the setsockopt() path (reuseport_attach_prog() or reuseport_detach_prog()), sk_reuseport_prog_free() is called without waiting for RCU readers to complete, resulting in various bugs.

Let's defer freeing the reuseport cBPF prog after one RCU grace period.

Note "e"BPF prog is safe as is unless the fast path starts to touch fields destroyed in bpf_prog_put_deferred() and __bpf_prog_put_noref().

[0]: BUG: KASAN: vmalloc-out-of-bounds in reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596 Read of size 4 at addr ffffc9000051e004 by task slowme/10208 CPU: 6 UID: 1000 PID: 10208 Comm: slowme Not tainted 7.0.0-geb7ac95ff75e #32 PREEMPT(full) Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596 udp4_lib_lookup2+0x3bc/0x950 net/ipv4/udp.c:495 __udp4_lib_lookup+0x768/0xe20 net/ipv4/udp.c:723 __udp4_lib_lookup_skb+0x297/0x390 net/ipv4/udp.c:752 __udp4_lib_rcv+0x1312/0x2620 net/ipv4/udp.c:2752 ip_protocol_deliver_rcu+0x282/0x440 net/ipv4/ip_input.c:207 ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318 __netif_receive_skb_one_core net/core/dev.c:6181 [inline] __netif_receive_skb net/core/dev.c:6294 [inline] process_backlog+0xaa4/0x1960 net/core/dev.c:6645 __napi_poll+0xae/0x340 net/core/dev.c:7709 napi_poll net/core/dev.c:7772 [inline] net_rx_action+0x5d7/0xf50 net/core/dev.c:7929 handle_softirqs+0x22b/0x870 kernel/softirq.c:622 do_softirq+0x76/0xd0 kernel/softirq.c:523 __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline] __dev_queue_xmit+0x1dd7/0x3710 net/core/dev.c:4890 neigh_output include/net/neighbour.h:556 [inline] ip_finish_output2+0xca9/0x1070 net/ipv4/ip_output.c:237 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip_output+0x29f/0x450 net/ipv4/ip_output.c:438 ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1508 udp_send_skb+0xb04/0x1510 net/ipv4/udp.c:1195 udp_sendmsg+0x1a71/0x2350 net/ipv4/udp.c:1485 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] __sys_sendto+0x554/0x680 net/socket.c:2206 __do_sys_sendto net/socket.c:2213 [inline] __se_sys_sendto net/socket.c:2209 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2209 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x160/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x415a2d Code: b3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6bc31e41e8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f6bc31e4cdc RCX: 0000000000415a2d RDX: 0000000000000001 RSI: 00007f6bc31e421f RDI: 0000000000000003 RBP: 00007f6bc31e4240 R08: 00007f6bc31e4220 R09: 0000000000000010 R10: 0000000000000000 R11: ---truncated---

CVSS v3
7.8
EG Score
7.8(high)
EPSS
1.1%
KEV
Not listed

Published

June 19, 2026

Last Modified

July 6, 2026

Advisory Details (8)

Auto-updated Jun 28, 2026
No patch confirmed yet.
generic

bpf: Free reuseport cBPF prog after RCU grace period. - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/fec41484e7c2aa7ded44c541bba98872be937754
generic

bpf: Free reuseport cBPF prog after RCU grace period. - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/f8b8f1d4bb76098e87b8269a0631019648330e6d
generic

bpf: Free reuseport cBPF prog after RCU grace period. - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/c3e3fddda6b5d9ba505d218b4055e7d8a282ac57
generic

bpf: Free reuseport cBPF prog after RCU grace period. - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/90e47dc5c572d1c73971ac51c7428803f42b78eb
generic

bpf: Free reuseport cBPF prog after RCU grace period. - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/87dfb977bdb6eaa47e9993a34e18f44970f88b1f
generic

bpf: Free reuseport cBPF prog after RCU grace period. - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/298db6167f81e9c470a57cf652e4e47757b4293e
generic

bpf: Free reuseport cBPF prog after RCU grace period. - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/18fc650ccd7fe3376eca89203668cfb8268f60df
generic

bpf: Free reuseport cBPF prog after RCU grace period. - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/08264d5bba0bdd3a79bc2984fee09286aba0c4eb

Vendor Advisories for CVE-2026-52910(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Data Freshness Timeline

(refreshed 30× in last 7d / 47× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-06 18:58 UTCEG score recompute
  2. 2026-07-06 18:58 UTCGHSA enrichment
  3. 2026-07-06 05:28 UTCEG score recompute
  4. 2026-07-06 05:28 UTCGHSA enrichment
  5. 2026-07-05 17:30 UTCEG score recompute
  6. 2026-07-05 17:29 UTCGHSA enrichment
  7. 2026-07-05 05:33 UTCEG score recompute
  8. 2026-07-05 05:33 UTCGHSA enrichment
  9. 2026-07-05 02:30 UTCEPSS rescore
  10. 2026-07-04 17:30 UTCEG score recompute
  11. 2026-07-04 17:30 UTCGHSA enrichment
  12. 2026-07-04 06:31 UTCEPSS rescore
  13. 2026-07-04 05:33 UTCEG score recompute
  14. 2026-07-04 05:33 UTCGHSA enrichment
  15. 2026-07-03 17:32 UTCEG score recompute
  16. 2026-07-03 17:32 UTCGHSA enrichment
  17. 2026-07-03 05:35 UTCEG score recompute
  18. 2026-07-03 05:35 UTCGHSA enrichment
  19. 2026-07-02 17:29 UTCEG score recompute
  20. 2026-07-02 17:29 UTCGHSA enrichment
  21. 2026-07-02 05:31 UTCEG score recompute
  22. 2026-07-02 05:31 UTCGHSA enrichment
  23. 2026-07-01 17:35 UTCEG score recompute
  24. 2026-07-01 17:34 UTCGHSA enrichment
  25. 2026-07-01 15:07 UTCEPSS rescore
Show 22 more
  1. 2026-07-01 05:35 UTCEG score recompute
  2. 2026-07-01 05:35 UTCGHSA enrichment
  3. 2026-06-30 23:22 UTCEPSS rescore
  4. 2026-06-30 17:38 UTCEG score recompute 7.80
  5. 2026-06-30 17:38 UTCGHSA enrichment
  6. 2026-06-29 14:06 UTCEPSS rescore
  7. 2026-06-29 14:06 UTCEPSS rescore
  8. 2026-06-28 14:07 UTCEPSS rescore
  9. 2026-06-28 07:52 UTCMITRE cvelistV5CVSS v3 → 7.8 · severity → HIGH
  10. 2026-06-28 04:56 UTCEPSS rescore
  11. 2026-06-28 04:56 UTCEPSS rescore
  12. 2026-06-27 23:14 UTCGHSA enrichment
  13. 2026-06-27 03:08 UTCEPSS rescore
  14. 2026-06-25 13:49 UTCEPSS rescore
  15. 2026-06-25 04:50 UTCEG score recompute
  16. 2026-06-25 04:49 UTCGHSA enrichment
  17. 2026-06-24 14:05 UTCEPSS rescore
  18. 2026-06-23 21:33 UTCEPSS rescore
  19. 2026-06-23 21:33 UTCEPSS rescore
  20. 2026-06-22 10:22 UTCGHSA enrichment
  21. 2026-06-19 15:56 UTCEG score recompute
  22. 2026-06-19 15:55 UTCGHSA enrichment

Frequently asked(5)

What is CVE-2026-52910?
CVE-2026-52910 is a high vulnerability published on June 19, 2026. In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. [0] The repro sets up a UDP reuseport group with a cBPF prog and replaces it with a new one while another thread is sending a…
When was CVE-2026-52910 disclosed?
CVE-2026-52910 was first published in the National Vulnerability Database on June 19, 2026, with the most recent update on July 6, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-52910 actively exploited?
CVE-2026-52910 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 1.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-52910?
CVE-2026-52910 has a CVSS v3 base score of 7.8 (NVD).
How do I remediate CVE-2026-52910?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-52910, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-52910

Explore →

Is Your Infrastructure Affected by CVE-2026-52910?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.