SB2026062308 - Out-of-bounds read in Linux kernel core
Published: June 23, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-52910)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in the reuseport cBPF program handling in sk_reuseport_prog_free() when detaching or replacing a reuseport program while UDP packets are being processed concurrently. A local user can trigger concurrent reuseport program updates and packet transmission to cause a denial of service.
The issue occurs because the classic BPF reuseport program may be freed before RCU readers have completed.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/08264d5bba0bdd3a79bc2984fee09286aba0c4eb
- https://git.kernel.org/stable/c/18fc650ccd7fe3376eca89203668cfb8268f60df
- https://git.kernel.org/stable/c/298db6167f81e9c470a57cf652e4e47757b4293e
- https://git.kernel.org/stable/c/87dfb977bdb6eaa47e9993a34e18f44970f88b1f
- https://git.kernel.org/stable/c/90e47dc5c572d1c73971ac51c7428803f42b78eb
- https://git.kernel.org/stable/c/c3e3fddda6b5d9ba505d218b4055e7d8a282ac57
- https://git.kernel.org/stable/c/f8b8f1d4bb76098e87b8269a0631019648330e6d
- https://git.kernel.org/stable/c/fec41484e7c2aa7ded44c541bba98872be937754