CVE-2026-53022 Affecting kernel-64k-devel-matched package, versions *


Severity

Recommended: medium

Based on CentOS security rating.

Threat Intelligence

EPSS: 0.17% (7th percentile)

  • Snyk ID: SNYK-CENTOS10-KERNEL64KDEVELMATCHED-17696659
  • published: 30 Jun 2026
  • disclosed: 24 Jun 2026

Introduced: 24 Jun 2026

CVE-2026-53022

How to fix?

There is no fixed version for Centos:10 kernel-64k-devel-matched.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-64k-devel-matched package and not the kernel-64k-devel-matched package as distributed by Centos. See How to fix? for Centos:10 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: bound enumeration string aggregation

populate_enum_data() aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individual source string but then appends every string and separator with raw strcat() and no remaining-space check.

Switch the aggregation loops to a bounded append helper and reject enumeration packages whose combined strings do not fit in the destination buffers.

[ij: add include]
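
The fix pattern the description names, shown as an added userspace C example (not the kernel patch or the driver's own code): a bounded append that rejects a set of strings whose combined length does not fit the 512-byte destination, even though each string is individually short enough. The names `bounded_append`, `aggregate_strings` and `AGG_BUF_LEN`, and the `;` separator, are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define AGG_BUF_LEN 512 /* destination size named in the description */

/* Append src to the NUL-terminated string in dst only if it fits whole.
 * Returns 0 on success, -EINVAL otherwise; dst is never written past dst_len. */
static int bounded_append(char *dst, size_t dst_len, const char *src)
{
    const char *end = memchr(dst, '\0', dst_len);
    size_t used, need = strlen(src);

    if (!end)
        return -EINVAL;          /* dst is not terminated inside its buffer */
    used = (size_t)(end - dst);
    if (need >= dst_len - used)
        return -EINVAL;          /* src plus its NUL would not fit */
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Join count strings into dst, each followed by sep. If the combined text
 * does not fit, reject the whole set and leave dst empty (no truncation). */
static int aggregate_strings(char *dst, size_t dst_len,
                             const char *const *items, size_t count, const char *sep)
{
    size_t i;

    if (dst_len == 0)
        return -EINVAL;
    dst[0] = '\0';
    for (i = 0; i < count; i++) {
        if (bounded_append(dst, dst_len, items[i]) ||
            bounded_append(dst, dst_len, sep)) {
            dst[0] = '\0';
            return -EINVAL;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed input: 200 bytes each passes a per-string bound, 3 x 201 does not fit. */
    char big[201] = {0}, buf[AGG_BUF_LEN];
    const char *items[] = { big, big, big };

    memset(big, 'A', sizeof(big) - 1);
    return aggregate_strings(buf, sizeof(buf), items, 3, ";") == -EINVAL ? 0 : 1;
}
```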

CVSS Base Scores

version 3.1