Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-53346— rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES

AI Predicted 3.3 Difficulty: Theoretical EPSS 0.16% · P5

Possible ATT&CK Techniques 1AI

T1496 · Resource Hijacking

Affected Version Matrix 10

VendorProductVersion RangeStatus
LinuxLinuxd077242d68a31075ef5f5da041bf8f6fc19aa231< bde772ee239720af216fb0b14753971059e132dcaffected
d077242d68a31075ef5f5da041bf8f6fc19aa231< d0f25a1755f2c15b1746379c8d9d7dfde85f58f5affected
d077242d68a31075ef5f5da041bf8f6fc19aa231< 7de13410f59e59b21d3c268a6e22d40f5d9d8a54affected
d077242d68a31075ef5f5da041bf8f6fc19aa231< ac35b5580ace12e5d0a0b5e61e36d2c4e1ffa29caffected
6.12affected
< 6.12unaffected
6.12.94≤ 6.12.*unaffected
6.18.36≤ 6.18.*unaffected
… +2 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53346

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES Due to a rustc bug [1] the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated functions such as 'asan.module_ctor' do not receive the uwtable annotation. When CONFIG_UNWIND_PATCH_PAC_INTO_SCS is enabled, this leads to boot failures because the dwarf information emitted for the kasan constructors is wrong, which causes the SCS boot patching code to patch the constructor in an illegal manner. Specifically, the paciasp instruction is patched, but the autiasp instruction is not. This mismatch leads to a crash when the constructor is called during boot. ================================================================== BUG: KASAN: global-out-of-bounds in do_basic_setup+0x4c/0x90 Read of size 8 at addr ffffffe3cc7eb488 by task swapper/0/1 Specifically the faulting instruction is the (*fn)() to invoke the constructor in do_ctors() of the init/main.c file. Once the fix lands in rustc, this flag can be made conditional on the rustc version. Note that passing the flag on a rustc with the fix present has no effect. [ The fix [1] has landed for Rust 1.98.0 (expected release on 2026-08-20). Thus add a version check as discussed. - Miguel ] [ Adjusted link and comment. - Miguel ]
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会开源的一款操作系统内核。 Linux kernel 6.12版本存在安全漏洞,该漏洞源于rustc编译器在设置uwtable LLVM模块标志时存在问题,可能导致引导失败。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux d077242d68a31075ef5f5da041bf8f6fc19aa231 ~ bde772ee239720af216fb0b14753971059e132dc -
LinuxLinux 6.12 -

II. Public POCs for CVE-2026-53346

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53346

登录查看更多情报信息。

Patches & Fixes for CVE-2026-53346 (4)

Same Patch Batch · Linux · 2026-07-01 · 31 CVEs total

CVE-2026-53339i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()
CVE-2026-53326debugobjects: Don't call fill_pool() in early boot hardirq context
CVE-2026-53327debugobjects: Do not fill_pool() if pi_blocked_on
CVE-2026-53328sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()
CVE-2026-53329drm/amd/display: Use krealloc_array() in dal_vector_reserve()
CVE-2026-53330drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()
CVE-2026-53331slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock
CVE-2026-53332slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd
CVE-2026-53334mm/damon/reclaim: handle ctx allocation failure
CVE-2026-53333mm/mincore: handle non-swap entries before !CONFIG_SWAP guard
CVE-2026-53335mm/damon/lru_sort: handle ctx allocation failure
CVE-2026-53336nvmem: layouts: onie-tlv: fix hang on unknown types
CVE-2026-53337net: bonding: fix NULL pointer dereference in bond_do_ioctl()
CVE-2026-53338net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()
CVE-2026-53340i2c: imx: fix clock and pinctrl state inconsistency in runtime PM
CVE-2026-53356drm/i915/gem: Fix phys BO pread/pwrite with offset
CVE-2026-53342arm64: mm: call pagetable dtor when freeing hot-removed page tables
CVE-2026-53341fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh()
CVE-2026-53343ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
CVE-2026-53344pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init

Showing top 20 of 31 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-53346

No comments yet


Leave a comment