{"id":"CVE-2026-53353","summary":"hsr: Remove WARN_ONCE() in hsr_addr_is_self().","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Remove WARN_ONCE() in hsr_addr_is_self().\n\nsyzbot reported the warning [0] in hsr_addr_is_self(),\nwhose assumption is simply wrong.\n\nhsr-\u003eself_node is cleared in hsr_del_self_node(), which\nis called from hsr_dellink().\n\nSince dev-\u003ertnl_link_ops-\u003edellink() is called before\nunregister_netdevice_many(), there is a window when\nuser can find the device but without hsr-\u003eself_node.\n\nLet's remove WARN_ONCE() in hsr_addr_is_self().\n\n[0]:\nHSR: No self node\nWARNING: net/hsr/hsr_framereg.c:39 at hsr_addr_is_self+0x211/0x3f0 net/hsr/hsr_framereg.c:39, CPU#0: syz.4.16848/17220\nModules linked in:\nCPU: 0 UID: 0 PID: 17220 Comm: syz.4.16848 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)}\nTainted: [L]=SOFTLOCKUP\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026\nRIP: 0010:hsr_addr_is_self+0x211/0x3f0 net/hsr/hsr_framereg.c:39\nCode: 33 2f 41 0f b7 dd 89 ee 09 de 31 ff e8 c8 b4 c6 f6 09 dd 74 54 e8 0f b0 c6 f6 31 ed eb 53 e8 06 b0 c6 f6 48 8d 3d 2f 50 9c 04 \u003c67\u003e 48 0f b9 3a 31 ed eb 42 e8 c1 13 1f 00 89 c5 31 ff 89 c6 e8 96\nRSP: 0018:ffffc900041c70e0 EFLAGS: 00010283\nRAX: ffffffff8afdc6ca RBX: ffffffff8afdc4e6 RCX: 0000000000080000\nRDX: ffffc90010493000 RSI: 0000000000000948 RDI: ffffffff8f9a1700\nRBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\nR10: ffffc900041c71e8 R11: fffff52000838e3f R12: dffffc0000000000\nR13: ffff888041f9e3c0 R14: ffff888086ee3802 R15: 0000000000000000\nFS:  00007f6fe985d6c0(0000) GS:ffff888126176000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f80bd437dac CR3: 0000000025096000 CR4: 00000000003526f0\nDR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002\nDR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n check_local_dest net/hsr/hsr_forward.c:592 [inline]\n fill_frame_info net/hsr/hsr_forward.c:728 [inline]\n hsr_forward_skb+0xa11/0x2a80 net/hsr/hsr_forward.c:739\n hsr_dev_xmit+0x253/0x370 net/hsr/hsr_device.c:236\n __netdev_start_xmit include/linux/netdevice.h:5368 [inline]\n netdev_start_xmit include/linux/netdevice.h:5377 [inline]\n xmit_one net/core/dev.c:3888 [inline]\n dev_hard_start_xmit+0x2df/0x860 net/core/dev.c:3904\n __dev_queue_xmit+0x1428/0x3900 net/core/dev.c:4870\n neigh_output include/net/neighbour.h:556 [inline]\n ip_finish_output2+0xcec/0x10b0 net/ipv4/ip_output.c:237\n ip_send_skb net/ipv4/ip_output.c:1510 [inline]\n ip_push_pending_frames+0x8b/0x110 net/ipv4/ip_output.c:1530\n raw_sendmsg+0x1547/0x1a50 net/ipv4/raw.c:659\n sock_sendmsg_nosec net/socket.c:787 [inline]\n __sock_sendmsg net/socket.c:802 [inline]\n ____sys_sendmsg+0x7da/0x9c0 net/socket.c:2698\n ___sys_sendmsg+0x2a5/0x360 net/socket.c:2752\n __sys_sendmsg net/socket.c:2784 [inline]\n __do_sys_sendmsg net/socket.c:2789 [inline]\n __se_sys_sendmsg net/socket.c:2787 [inline]\n __x64_sys_sendmsg+0x1c3/0x2a0 net/socket.c:2787\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f6feb62ce59\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f6fe985d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f6feb8a6090 RCX: 00007f6feb62ce59\nRDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004\nRBP: 00007f6feb6c2d6f R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f6feb8a6128 R14: 00007f6feb8a6090 R15: 00007ffcf01cc488\n \u003c/TASK\u003e","modified":"2026-07-08T08:09:47.169554522Z","published":"2026-07-01T13:32:29.699Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53353.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0232b6fcb7615fb7fecfe0727a23065a53e228b8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/271355c2ef6171dbc815e7ae653eed63444bbd58"},{"type":"WEB","url":"https://git.kernel.org/stable/c/66a46e22396fd5d09606f37f73643eb20e99aa42"},{"type":"WEB","url":"https://git.kernel.org/stable/c/afd0f17ca46258cec3a5cc48b8df9327fe772490"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d71bb171661ec0225bf4babdd4d296d744982fb3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53353.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53353"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f266a683a4804dc499efc6c2206ef68efed029d0"},{"fixed":"271355c2ef6171dbc815e7ae653eed63444bbd58"},{"fixed":"0232b6fcb7615fb7fecfe0727a23065a53e228b8"},{"fixed":"66a46e22396fd5d09606f37f73643eb20e99aa42"},{"fixed":"d71bb171661ec0225bf4babdd4d296d744982fb3"},{"fixed":"afd0f17ca46258cec3a5cc48b8df9327fe772490"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53353.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.17.0"},{"fixed":"6.6.143"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.94"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.36"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.13"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53353.json"}}],"schema_version":"1.7.5"}