SB20260625175 - Out-of-bounds write in Linux kernel sctp



SB20260625175 - Out-of-bounds write in Linux kernel sctp

Published: June 25, 2026

Security Bulletin ID SB20260625175
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-53004)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to corrupt adjacent userspace data.

The vulnerability exists due to an out-of-bounds write in sctp_getsockopt_peer_auth_chunks when processing a getsockopt request for peer AUTH chunks with an undersized optval buffer. A local user can supply a crafted buffer length to corrupt adjacent userspace data.

Exploitation requires an SCTP association with AUTH enabled, and the overwritten bytes land in the caller's own userspace buffer rather than in kernel memory.


Remediation

Install update from vendor's website.