Bug 2493708 (CVE-2026-53321)

Summary: CVE-2026-53321 kernel: io_uring/napi: cap busy_poll_to 10 msec
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's io_uring subsystem, specifically in the Networked Asynchronous Packet Interface (NAPI) busy polling. This vulnerability allows NAPI to poll indefinitely for events when none are present, which can cause a task to become stuck. This can lead to a Denial of Service (DoS) condition, making the system unresponsive. The issue is addressed by implementing a 10-millisecond cap on the busy polling duration.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-06-26 21:02:04 UTC
In the Linux kernel, the following vulnerability has been resolved:

io_uring/napi: cap busy_poll_to 10 msec

Currently there's no cap on the maximum amount of time that napi is
allowed to poll if no events are found, which can lead to kernel
complaints on a task being stuck as there's no conditional rescheduling
done within that loop.

Just cap it to 10 msec in total, that's already way above any kind of
sane value that will reap any benefits, yet low enough that it's
nowhere near being able to trigger preemption complaints.

Comment 1 Mauro Matteo Cascella 2026-06-29 10:41:24 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062622-CVE-2026-53321-d475@gregkh/T