{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "728cbac5fe219d3b8a21a0688a08f2b7f8aeda2b"
            },
            {
              "fixed": "63335e5a67d89bb7cb9b023bbb3785896587a648"
            },
            {
              "fixed": "0842186d2c4e67d2f8c8c2d1d779e8acffd41b5b"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "42ea64e01c96e594fb4f80c54dfe4f934d008a6e"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.14.6"
            },
            {
              "fixed": "6.15"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.15.0"
            },
            {
              "fixed": "7.0.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53124.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: reset per-IO canceled flag on each fetch\n\nIf a ublk server starts recovering devices but dies before issuing fetch\ncommands for all IOs, cancellation of the fetch commands that were\nsuccessfully issued may never complete. This is because the per-IO\ncanceled flag can remain set even after the fetch for that IO has been\nsubmitted - the per-IO canceled flags for all IOs in a queue are reset\ntogether only once all IOs for that queue have been fetched. So if a\nnonempty proper subset of the IOs for a queue are fetched when the ublk\nserver dies, the IOs in that subset will never successfully be canceled,\nas their canceled flags remain set, and this prevents ublk_cancel_cmd\nfrom actually calling io_uring_cmd_done on the commands, despite the\nfact that they are outstanding.\n\nFix this by resetting the per-IO cancel flags immediately when each IO\nis fetched instead of waiting for all IOs for the queue (which may never\nhappen).",
  "id": "CVE-2026-53124",
  "modified": "2026-07-16T03:31:04.507458172Z",
  "published": "2026-06-24T16:30:53.268Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0842186d2c4e67d2f8c8c2d1d779e8acffd41b5b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/63335e5a67d89bb7cb9b023bbb3785896587a648"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53124.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53124"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.8.0",
  "summary": "ublk: reset per-IO canceled flag on each fetch"
}