{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-53215/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-28T06:40:28.295Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-53215","@id":"https://www.cve.org/CVERecord?id=CVE-2026-53215","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: refill RX buffers before XDP or skb use\n\nThe RX error path returns the current descriptor buffer to the hardware\nBM pool. That is only valid while the driver still owns the buffer.\n\nmvpp2_rx_refill() can fail after the current buffer has been handed to\nXDP or attached to an skb. In those cases mvpp2_run_xdp() may have\nrecycled, redirected, or queued the page for XDP_TX, and an skb free also\nretires the data buffer. "},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:linux:linux:5.9:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:5.9:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0, 02e1b5c4d3b4c658b72c145427cded1bba613fc1, 5.8, 5.9, 5.15.210, 580f92f27cb8724bcc4be98ee89890eab524a2ae, 5e8e2a9624df72fca7c736b2966b2cbf6c9c3ff6, 6.1.176, 6.6.143, 6.12.94, 6.18.36, 7.0.13, 7.1, 8a2126c5afe89f8ceeb60a3afb9f075b736194cd, a03cdcedb2cbcc42551dc3e4746929e93c5352d5, a88b3293b556f4d8fba11db9a8061a6b0d3b69e6, d0c8c4fbd22d260fe28530260656c5fb3c20ce84.","timestamp":"2026-06-28T06:40:28.295Z"}]}