PULSE
LIVE37signals / 24h
FEED
ransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomthegentlemen reclama a Tangram Interiors · GB · Business Servicesransomthegentlemen reclama a BRAC · BD · Business Servicesransomthegentlemen reclama a Customs Watch · US · Public Sectorransomthegentlemen reclama a Gallant · FI · Not Foundransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomthegentlemen reclama a Tangram Interiors · GB · Business Servicesransomthegentlemen reclama a BRAC · BD · Business Servicesransomthegentlemen reclama a Customs Watch · US · Public Sectorransomthegentlemen reclama a Gallant · FI · Not Found
← All CVEs
CVE WatchJul 14, 2026

CVE-2026-53008

In the Linux kernel, the following vulnerability has been resolved: ice: fix race condition in TX timestamp ring cleanup Fix a race condit

CVSS

4.7

Medium

EPSS

0.1%

p0

KEV

Exploit Today

0

0-100

Published: Jun 24, 2026 · Last modified: Jul 14, 2026 · CWE-362

EPSS · 30d
0.1%EPSS · 30 days0.2%
2026-06-302026-07-16
Technical description

In the Linux kernel, the following vulnerability has been resolved: ice: fix race condition in TX timestamp ring cleanup Fix a race condition between ice_free_tx_tstamp_ring() and ice_tx_map() that can cause a NULL pointer dereference. ice_free_tx_tstamp_ring currently clears the ICE_TX_FLAGS_TXTIME flag after NULLing the tstamp_ring. This could allow a concurrent ice_tx_map call on another CPU to dereference the tstamp_ring, which could lead to a NULL pointer dereference. CPU A:ice_free_tx_tstamp_ring() | CPU B:ice_tx_map() --------------------------------|--------------------------------- tx_ring->tstamp_ring = NULL | | ice_is_txtime_cfg() -> true | tstamp_ring = tx_ring->tstamp_ring | tstamp_ring->count // NULL deref! flags &= ~ICE_TX_FLAGS_TXTIME | Fix by: 1. Reordering ice_free_tx_tstamp_ring() to clear the flag before NULLing the pointer, with smp_wmb() to ensure proper ordering. 2. Adding smp_rmb() in ice_tx_map() after the flag check to order the flag read before the pointer read, using READ_ONCE() for the pointer, and adding a NULL check as a safety net. 3. Converting tx_ring->flags from u8 to DECLARE_BITMAP() and using atomic bitops (set_bit(), clear_bit(), test_bit()) for all flag operations throughout the driver: - ICE_TX_RING_FLAGS_XDP - ICE_TX_RING_FLAGS_VLAN_L2TAG1 - ICE_TX_RING_FLAGS_VLAN_L2TAG2 - ICE_TX_RING_FLAGS_TXTIME

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-250908.1 HIG
95.4%
29Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.8d
CVE-2026-506677.8 HIG
80.1%
24Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.20h
CVE-2026-59477.5 HIG
69.1%
21Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.2d
CVE-2026-561889.8 CRI
58.8%
18Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.2d
CVE-2026-503698.8 HIG
47.1%
14Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network.2d
CVE-2026-566495.9 MED
46.6%
14Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.2d