ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison_CVE-2026-53309

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

The local-vs-remote region comparison loop uses '<=' instead of '<',
causing it to read one entry past the valid range of qr_regions. The
other loops in the same function correctly use '<'.

Fix the loop condition to use '<' for consistency and correctness.

AI Analysis

Off-by-one error in the dlm_match_regions() function in the ocfs2/dlm component of the Linux kernel, allowing an attacker to read one entry past the valid range of qr_regions.

Basic Information

ID CVE-2026-53309

Source Linux

Published Jun 26, 2026 at 19:41

Modified Jun 28, 2026 at 06:41

Affected Product

Vendor Linux

Product Linux

Version ea2034416b54700e30371f2ad6517cbb94674083

Affected Versions Linux Linux ea2034416b54700e30371f2ad6517cbb94674083
Linux Linux ea2034416b54700e30371f2ad6517cbb94674083
Linux Linux ea2034416b54700e30371f2ad6517cbb94674083
Linux Linux ea2034416b54700e30371f2ad6517cbb94674083
Linux Linux ea2034416b54700e30371f2ad6517cbb94674083
Linux Linux ea2034416b54700e30371f2ad6517cbb94674083
Linux Linux ea2034416b54700e30371f2ad6517cbb94674083
Linux Linux ea2034416b54700e30371f2ad6517cbb94674083
Linux Linux 2.6.37

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Linux

Product Linux Kernel

Version ea2034416b54700e30371f2ad6517cbb94674083, 2.6.37

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison\n\nThe local-vs-remote region comparison loop uses '<=' instead of '<',\ncausing it to read one entry past the valid range of qr_regions.  The\nother loops in the same function correctly use '<'.\n\nFix the loop condition to use '<' for consistency and correctness.",
    "published": "2026-06-26T19:41:03.505Z",
    "modified": "2026-06-28T06:41:30.026Z",
    "type": "cve",
    "title": "ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/760ab35040aca8399021fdb9ff1db1089feb7194\nhttps://git.kernel.org/stable/c/c60a2710b73838d250cda57344c049b89abc5d52\nhttps://git.kernel.org/stable/c/2a0673836f019e7c032acbf48d022d5ccf02a845\nhttps://git.kernel.org/stable/c/819d8ebad3200a53de99bd7e297bc428e41ced54\nhttps://git.kernel.org/stable/c/d5403ae28085761d58b555645bc7d5feadb10073\nhttps://git.kernel.org/stable/c/1fb7f356547d9688822315cd2b205ff0bd5429b4\nhttps://git.kernel.org/stable/c/426cd8eedac89b86148d4478990eeef16e8a2520\nhttps://git.kernel.org/stable/c/01b61e8dda9b0fdb0d4cda43de25f4e390554d7b",
    "id": "CVE-2026-53309",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux ea2034416b54700e30371f2ad6517cbb94674083\nLinux Linux ea2034416b54700e30371f2ad6517cbb94674083\nLinux Linux ea2034416b54700e30371f2ad6517cbb94674083\nLinux Linux ea2034416b54700e30371f2ad6517cbb94674083\nLinux Linux ea2034416b54700e30371f2ad6517cbb94674083\nLinux Linux ea2034416b54700e30371f2ad6517cbb94674083\nLinux Linux ea2034416b54700e30371f2ad6517cbb94674083\nLinux Linux ea2034416b54700e30371f2ad6517cbb94674083\nLinux Linux 2.6.37",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "ea2034416b54700e30371f2ad6517cbb94674083",
    "vendor": "Linux",
    "ai_description": "Off-by-one error in the dlm_match_regions() function in the ocfs2/dlm component of the Linux kernel, allowing an attacker to read one entry past the valid range of qr_regions.",
    "ai_severity": "Critical",
    "ai_vendor": "Linux",
    "ai_product": "Linux Kernel",
    "ai_version": "ea2034416b54700e30371f2ad6517cbb94674083, 2.6.37",
    "ai_score": 9.8
}