SB20260625175 - Out-of-bounds write in Linux kernel sctp
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-53004)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to corrupt adjacent userspace data.
The vulnerability exists due to an out-of-bounds write in sctp_getsockopt_peer_auth_chunks when processing a getsockopt request for peer AUTH chunks with an undersized optval buffer. A local user can supply a crafted buffer length to corrupt adjacent userspace data.
Exploitation requires an SCTP association with AUTH enabled, and the overwritten bytes land in the caller's own userspace buffer rather than in kernel memory.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0cf004ffb61cd32d140531c3a84afe975f9fc7ea
- https://git.kernel.org/stable/c/2b5a2c957c7769d40110f725cf23987fcef50d75
- https://git.kernel.org/stable/c/6849b995cda88a677bf08a05765d1db7905974fc
- https://git.kernel.org/stable/c/6bcf8fe4ef7967b22b814cbae9a57bbd3c853410
- https://git.kernel.org/stable/c/70a089cc9590aa347a61e84434116ab74619e3c3
- https://git.kernel.org/stable/c/a132e199de69e2a45628aa8534df1bf5d44e1b6e
- https://git.kernel.org/stable/c/d45c7e99caf915b0f6c716bd8ffe9d45b9685761
- https://git.kernel.org/stable/c/d67fbc6dea5dbf7f46c618ebf65910a276078e20