CVE-2026-53055: crypto: hisilicon/sec2 - prevent req used-after-free for sec
In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/sec2 - prevent req used-after-free for sec

During packet transmission, if the system is under heavy load, the hardware might complete processing the packet and free the request memory (req) before the transmission function finishes. If the software subsequently accesses this req, a use-after-free error will occur. The qp_ctx memory exists throughout the packet sending process, so replace the req with the qp_ctx.
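The ordering problem and the fix described above, as a user-space C model added here (it is not the hisilicon/sec2 driver source). All function and field names are hypothetical, and the "free" only clears a flag so that a late access can be counted safely.

```c
#include <stdio.h>
/* User-space model with hypothetical names; not the hisilicon/sec2 driver source. */
struct qp_ctx { unsigned long send_cnt; };            /* outlives the whole send path */
struct req    { struct qp_ctx *qp_ctx; int live; };   /* completion path may free it */
static unsigned stale_reads;   /* accesses to a req after it was released */

/* Stand-in for freeing req: clears a flag so a late access is countable, not real UB. */
static void req_release(struct req *r) { r->live = 0; }

/* Models the hardware: under load, completion (which releases req) runs before submit returns. */
static void hw_submit(struct req *r, int early) { if (early) req_release(r); }

/* Every req dereference goes through here so late ones are recorded. */
static struct qp_ctx *req_qp_ctx(struct req *r)
{
    stale_reads += !r->live;
    return r->qp_ctx;
}

/* Before the fix: req is dereferenced after it was handed to the hardware. */
static void send_unsafe(struct req *r, int early)
{
    hw_submit(r, early);
    req_qp_ctx(r)->send_cnt++;
}

/* After the fix: qp_ctx is read while the sender still owns req; only qp_ctx is used later. */
static void send_fixed(struct req *r, int early)
{
    struct qp_ctx *qp = req_qp_ctx(r);
    hw_submit(r, early);
    qp->send_cnt++;
}

/* Runs one send and returns the number of stale req accesses it made. */
static unsigned run(void (*send)(struct req *, int), int early)
{
    struct qp_ctx qp = { 0 };
    struct req r = { &qp, 1 };
    stale_reads = 0;
    send(&r, early);
    return stale_reads;
}

int main(void)
{
    printf("unsafe=%u fixed=%u\n", run(send_unsafe, 1), run(send_fixed, 1));
    return 0;
}
```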
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: 0
- Affected Products: 2
HarborGuard Analysis
Synopsis
A use-after-free vulnerability exists in the Linux kernel's HiSilicon SEC2 crypto driver (hisilicon/sec2). The flaw is reachable over the network without any authentication or user interaction, and arises when heavy system load causes hardware to free a request buffer before the transmission function completes, leaving a dangling pointer the software then accesses. Successful exploitation gives an attacker full read, write, and crash capabilities on the affected system. Patched-image rebuilds at fix versions 6.18.33, 7.0.10, and 7.1 are available on HarborGuard for environments running an affected kernel version.
HarborGuard Coverage
Detection of CVE-2026-53055 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all container images in customer registries and CI/CD pipelines, including custom-built images that bundle an affected Linux kernel version.
Available
HarborGuard scores this CVE at 9.8 CRITICAL using the provided CVSS v3.1 vector, and is capable of weighting that score against each environment's compliance policy to determine urgency and route findings to the appropriate team inbox within each customer organization.
Available
A patched-image rebuild at the applicable fix version (6.18.33, 7.0.10, or 7.1) becomes available on HarborGuard once the upstream fix is confirmed present in a base image. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs a regression test suite, and opens a pull request against affected workloads automatically.
Available
Exploit Conditions
- Network reachability: Required
  The vulnerability is reachable over the network (AV:N), meaning an attacker must be able to send traffic to the exposed service to trigger the race condition.
- Authentication: Not required
  No credentials are needed (PR:N); an unauthenticated attacker can attempt exploitation directly.
- Victim interaction: Not required
  No user or administrator action is required to trigger the flaw (UI:N); the attacker does not rely on social engineering.
- Attack complexity: Detail
  Attack complexity is rated Low (AC:L), meaning the exploit is reliable and does not depend on specific memory layouts, race-window timing beyond the load condition described, or other environmental prerequisites.
Blast Radius
- A successful attacker reads arbitrary kernel memory, exposing cryptographic key material, session tokens, or other sensitive data processed by the SEC2 engine.
- An attacker writes to freed memory, corrupting kernel data structures and enabling privilege escalation or arbitrary code execution in kernel context.
- The use-after-free can crash the kernel outright, taking down the host and all containers running on it.
- Any workload relying on the HiSilicon SEC2 hardware crypto offload path loses availability until the system is recovered.
How HarborGuard Handles This
Available on HarborGuard: detection against all customer images is active the moment the CVE is published, with no manual configuration required. For environments running an affected Linux kernel version, a patched-image rebuild at version 6.18.33, 7.0.10, or 7.1 is made available as soon as a conforming upstream base image is confirmed. For customers who opt into auto-remediation, HarborGuard rebuilds the image, executes a regression test run, and opens a pull request against affected workloads; for high and critical severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, findings are routed to the designated team inbox with full CVSS context for manual review. As an interim compensating control, network policy rules that restrict which services can reach the SEC2-backed crypto endpoint reduce the exposed attack surface until a patched image is deployed.
Fix available
- Linux / Linux: < b375c3c7209cc59e40e97998aa9bc768369cca0e (from f0ae287c50455f7be0d8dd45a803d403c7aa4d2e) · < ad73563f3a1edbfddf2724136c6a15826b354e18 (from f0ae287c50455f7be0d8dd45a803d403c7aa4d2e) · < 67b53a660e6bf0da2fa8d8872e897a14d8059eaf (from f0ae287c50455f7be0d8dd45a803d403c7aa4d2e)
- Linux / Linux 6.17: Fixed in 0, 6.18.33, 7.0.10, 7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H