CVE-2026-52975

HIGHPre-NVD 7.87.8
EchelonGraph scoreHIGH confidence

Score 7.8 from GitHub Security Advisory (severity: HIGH) published 2026-06-24. a secondary CVSS source baseline 7.8; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, secondary
Trending — 3 sources updated this week
7.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 0%CVSS: 7.8Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

bonding: 3ad: implement proper RCU rules for port->aggregator

syzbot found a data-race in bond_3ad_get_active_agg_info / bond_3ad_state_machine_handler [1] which hints at lack of proper RCU implementation.

Add __rcu qualifier to port->aggregator, and add proper RCU API.

[1]

BUG: KCSAN: data-race in bond_3ad_get_active_agg_info / bond_3ad_state_machine_handler

write to 0xffff88813cf5c4b0 of 8 bytes by task 36 on cpu 0: ad_port_selection_logic drivers/net/bonding/bond_3ad.c:1659 [inline] bond_3ad_state_machine_handler+0x9d5/0x2d60 drivers/net/bonding/bond_3ad.c:2569 process_one_work kernel/workqueue.c:3302 [inline] process_scheduled_works+0x4f0/0x9c0 kernel/workqueue.c:3385 worker_thread+0x58a/0x780 kernel/workqueue.c:3466 kthread+0x22a/0x280 kernel/kthread.c:436 ret_from_fork+0x146/0x330 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

read to 0xffff88813cf5c4b0 of 8 bytes by task 22063 on cpu 1: __bond_3ad_get_active_agg_info drivers/net/bonding/bond_3ad.c:2858 [inline] bond_3ad_get_active_agg_info+0x8c/0x230 drivers/net/bonding/bond_3ad.c:2881 bond_fill_info+0xe0f/0x10f0 drivers/net/bonding/bond_netlink.c:853 rtnl_link_info_fill net/core/rtnetlink.c:906 [inline] rtnl_link_fill+0x1d7/0x4e0 net/core/rtnetlink.c:927 rtnl_fill_ifinfo+0xf8e/0x1380 net/core/rtnetlink.c:2168 rtmsg_ifinfo_build_skb+0x11c/0x1b0 net/core/rtnetlink.c:4453 rtmsg_ifinfo_event net/core/rtnetlink.c:4486 [inline] rtmsg_ifinfo+0x6d/0x110 net/core/rtnetlink.c:4495 __dev_notify_flags+0x76/0x390 net/core/dev.c:9790 netif_change_flags+0xac/0xd0 net/core/dev.c:9823 do_setlink+0x905/0x2950 net/core/rtnetlink.c:3180 rtnl_group_changelink net/core/rtnetlink.c:3813 [inline] __rtnl_newlink net/core/rtnetlink.c:3981 [inline] rtnl_newlink+0xf55/0x1400 net/core/rtnetlink.c:4109 rtnetlink_rcv_msg+0x64b/0x720 net/core/rtnetlink.c:6995 netlink_rcv_skb+0x123/0x220 net/netlink/af_netlink.c:2550 rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:7022 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x5a8/0x680 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x5c8/0x6f0 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.c:787 [inline] __sock_sendmsg net/socket.c:802 [inline] ____sys_sendmsg+0x563/0x5b0 net/socket.c:2698 ___sys_sendmsg+0x195/0x1e0 net/socket.c:2752 __sys_sendmsg net/socket.c:2784 [inline] __do_sys_sendmsg net/socket.c:2789 [inline] __se_sys_sendmsg net/socket.c:2787 [inline] __x64_sys_sendmsg+0xd4/0x160 net/socket.c:2787 x64_sys_call+0x194c/0x3020 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x12c/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f

value changed: 0x0000000000000000 -> 0xffff88813cf5c400

Reported by Kernel Concurrency Sanitizer on: CPU: 1 UID: 0 PID: 22063 Comm: syz.0.31122 Tainted: G W syzkaller #0 PREEMPT(full) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026

CVSS v3
7.8
EG Score
7.8(high)
EPSS
3.6%
KEV
Not listed

Published

June 24, 2026

Last Modified

July 4, 2026

Advisory Details (5)

Auto-updated Jun 28, 2026
No patch confirmed yet.
generic

bonding: 3ad: implement proper RCU rules for port->aggregator - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/c4f050ce06c56cfb5993268af4a5cb66ed1cd04e
generic

bonding: 3ad: implement proper RCU rules for port->aggregator - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/c169c5837525ad842df6a542facf52b6f866a519
generic

bonding: 3ad: implement proper RCU rules for port->aggregator - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/ba2272be04f0cb1e74e1e355ff32ef95df280731
generic

bonding: 3ad: implement proper RCU rules for port->aggregator - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/78f409fd34fe9de2b24ad8e9dca1b4608a48ed3d
generic

bonding: 3ad: implement proper RCU rules for port->aggregator - kernel/git/stable/linux.git - Linux kernel stable tree

https://git.kernel.org/stable/c/3b7265b3a82f40d2357c4004b26eb794a095b186

Vendor Advisories for CVE-2026-52975(2)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Data Freshness Timeline

(refreshed 35× in last 7d / 47× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-07 01:13 UTCEG score recompute
  2. 2026-07-07 01:13 UTCGHSA enrichment
  3. 2026-07-06 16:27 UTCEPSS rescore
  4. 2026-07-06 16:27 UTCEPSS rescore
  5. 2026-07-06 12:45 UTCEG score recompute
  6. 2026-07-06 12:44 UTCGHSA enrichment
  7. 2026-07-06 02:23 UTCEPSS rescore
  8. 2026-07-06 02:23 UTCEPSS rescore
  9. 2026-07-06 00:11 UTCEG score recompute
  10. 2026-07-06 00:11 UTCGHSA enrichment
  11. 2026-07-05 11:43 UTCEG score recompute
  12. 2026-07-05 11:43 UTCGHSA enrichment
  13. 2026-07-05 02:31 UTCEPSS rescore
  14. 2026-07-05 02:30 UTCEPSS rescore
  15. 2026-07-04 23:15 UTCEG score recompute
  16. 2026-07-04 23:15 UTCGHSA enrichment
  17. 2026-07-04 10:46 UTCEG score recompute
  18. 2026-07-04 10:46 UTCGHSA enrichment
  19. 2026-07-04 06:31 UTCEPSS rescore
  20. 2026-07-03 22:14 UTCEG score recompute
  21. 2026-07-03 22:14 UTCGHSA enrichment
  22. 2026-07-03 09:46 UTCEG score recompute
  23. 2026-07-03 09:46 UTCGHSA enrichment
  24. 2026-07-02 21:18 UTCEG score recompute
  25. 2026-07-02 21:18 UTCGHSA enrichment
Show 22 more
  1. 2026-07-02 08:49 UTCEG score recompute
  2. 2026-07-02 08:48 UTCGHSA enrichment
  3. 2026-07-01 20:15 UTCEG score recompute
  4. 2026-07-01 20:15 UTCGHSA enrichment
  5. 2026-07-01 15:07 UTCEPSS rescore
  6. 2026-07-01 07:47 UTCEG score recompute
  7. 2026-07-01 07:47 UTCGHSA enrichment
  8. 2026-06-30 23:22 UTCEPSS rescore
  9. 2026-06-30 19:18 UTCEG score recompute 7.80
  10. 2026-06-30 19:18 UTCGHSA enrichment
  11. 2026-06-29 14:06 UTCEPSS rescore
  12. 2026-06-29 14:06 UTCEPSS rescore
  13. 2026-06-28 14:07 UTCEPSS rescore
  14. 2026-06-28 07:52 UTCMITRE cvelistV5CVSS v3 → 7.8 · severity → HIGH
  15. 2026-06-28 04:56 UTCEPSS rescore
  16. 2026-06-28 04:56 UTCEPSS rescore
  17. 2026-06-27 18:53 UTCEG score recompute
  18. 2026-06-27 18:53 UTCGHSA enrichment
  19. 2026-06-27 03:08 UTCEPSS rescore
  20. 2026-06-25 13:49 UTCEPSS rescore
  21. 2026-06-24 18:27 UTCEG score recompute
  22. 2026-06-24 18:02 UTCNVD updatefirst tracked

Frequently asked(5)

What is CVE-2026-52975?
CVE-2026-52975 is a high vulnerability published on June 24, 2026. In the Linux kernel, the following vulnerability has been resolved: bonding: 3ad: implement proper RCU rules for port->aggregator syzbot found a data-race in bond3adgetactiveagg_info / bond3adstatemachinehandler [1] which hints at lack of proper RCU implementation. Add rcu qualifier to…
When was CVE-2026-52975 disclosed?
CVE-2026-52975 was first published in the National Vulnerability Database on June 24, 2026, with the most recent update on July 4, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-52975 actively exploited?
CVE-2026-52975 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 3.6% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-52975?
CVE-2026-52975 has a CVSS v3 base score of 7.8 (NVD).
How do I remediate CVE-2026-52975?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-52975, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-52975

Explore →

Is Your Infrastructure Affected by CVE-2026-52975?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.