SB20260625252 - NULL pointer dereference in Linux kernel sctp
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2026-52929)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null-pointer dereference in the SCTP stream scheduler state handling in net/sctp/stream.c when processing a denied ADD_OUT_STREAMS operation and a later stream re-add. A remote attacker can trigger SCTP stream reset operations that leave stale removed stream metadata behind to cause a denial of service.
The issue occurs because removed outgoing stream state is not fully rolled back, leaving scheduler-private stream metadata inconsistent for later reuse.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85
- https://git.kernel.org/stable/c/1c6773b8c081509dcd5cd2954f2b02c50c00f151
- https://git.kernel.org/stable/c/39dc2b0eb5371a669ebc9ec6072b9184eac95418
- https://git.kernel.org/stable/c/7dd9a42b044aad2dbe037db1c1e2943582485b44
- https://git.kernel.org/stable/c/9662eb0401518f0b4681f10e7fbf688f504f24cf
- https://git.kernel.org/stable/c/a5f8a90ac9f77c678a9781c0a464b635e0d63e49
- https://git.kernel.org/stable/c/a6724b7b812ac8793514a1d5938db5d9d29ae725
- https://git.kernel.org/stable/c/d5ea0b3e261fcb2cfff142675516165244cab1da