HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-53045Published Modified CNA Linux

CVE-2026-53045: memory: tegra124-emc: Fix dll_change check

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dll_change check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check.

Metrics

CVSS v3.1
9.8
Severity
CRITICAL
Fixed in
0
Affected Products
2

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A logic-inversion bug in the Linux kernel's Tegra124 external memory controller (EMC) driver causes incorrect DLL (delay-locked loop) enable/disable handling during memory frequency transitions. The flaw is reachable over the network with no authentication required and no user interaction needed. Successful exploitation gives an attacker full read, write, and availability impact on the affected system. A patched-image rebuild at the fix commit is available on HarborGuard for environments running an affected kernel version.

HarborGuard Coverage

Detection

Detection of CVE-2026-53045 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against container images in customer registries and CI/CD pipelines, including custom-built images that bundle an affected Linux kernel version.

Available
Triage

HarborGuard scores this CVE at 9.8 CRITICAL (CVSS v3.1) and surfaces it with that severity weighting applied against each environment's compliance policy; findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Available
Patch

A patched-image rebuild at the fix commits is available on HarborGuard for any environment where an affected kernel version is detected. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the service over the network; no local or physical access is required (AV:N).

  • AuthenticationNot required

    No credentials or session token are needed to attempt exploitation (PR:N).

  • Victim interactionNot required

    The attack completes without any action from a logged-in user or administrator (UI:N).

  • Attack complexityDetail

    Exploitation is reliable and imposes no special preconditions such as race conditions or memory-layout dependencies (AC:L).

Blast Radius

  • A successful attacker reads arbitrary kernel memory, exposing stored secrets, session tokens, and sensitive process data.
  • A successful attacker writes to kernel memory, allowing modification of persisted data structures or injection of malicious content.
  • A successful attacker crashes or destabilizes the affected system, causing a denial-of-service condition for all workloads on the host.
  • Because the flaw sits in a memory controller driver, exploitation during a frequency-scaling event can corrupt memory state across multiple running processes simultaneously.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any image found to bundle a Linux kernel version affected by this driver bug, covering both upstream base images and internally built custom images. Where a customer's compliance policy permits auto-remediation, HarborGuard triggers a rebuild at the patched commit, runs a regression test pass, and opens a pull request against the affected workload; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. For environments where auto-remediation is not enabled, the finding is surfaced in the HarborGuard dashboard with CVSS 9.8 CRITICAL priority so the responsible team can act immediately. Network-policy isolation of workloads running the affected kernel, combined with egress filtering to reduce the kernel's network attack surface, is a viable compensating control while a kernel update is staged.

See how HarborGuard automates this

Fix available

005f138fc7e27ee8e7a83ccf966c3fa26cda44dda1793249c067a4b28e1aba0ad0e4d73aa9f9e165a1ebbbef47d11cc90219c081492ccf995aaa3e9b32369b1831161356e1bcb51385d3e532dc4fe27715.10.2585.15.2096.1.1756.6.1416.12.916.18.337.0.107.17e19e72f306484996c52ff96cc92f69b78ed54359597ab9a8296ab337e6820f8a717ff621078b632a85967331144fde9300be38bb44d2558eb6b742edb0ae80865b515cc0b705c85877ec00f7eebe9fe
Affected packages
  • Linux / Linux
    < a85967331144fde9300be38bb44d2558eb6b742e (from 73a7f0a90641b09300d47308682b674c570dd6a2) · < db0ae80865b515cc0b705c85877ec00f7eebe9fe (from 73a7f0a90641b09300d47308682b674c570dd6a2) · < 2369b1831161356e1bcb51385d3e532dc4fe2771 (from 73a7f0a90641b09300d47308682b674c570dd6a2) · < 7e19e72f306484996c52ff96cc92f69b78ed5435 (from 73a7f0a90641b09300d47308682b674c570dd6a2) · < 05f138fc7e27ee8e7a83ccf966c3fa26cda44dda (from 73a7f0a90641b09300d47308682b674c570dd6a2) · < 1793249c067a4b28e1aba0ad0e4d73aa9f9e165a (from 73a7f0a90641b09300d47308682b674c570dd6a2)
  • Linux / Linux
    4.2
    Fixed in 0, 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References