SB20260625271 - Out-of-bounds read in Linux kernel ipv6 netfilter
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-52915)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in hbh_mt6_check() in net/ipv6/netfilter/ip6t_hbh.c when processing user-supplied rule setup data. A local user can supply an oversized option list to cause a denial of service.
The issue is triggered because the fixed-size opts array stores at most 16 option descriptors, so a rule whose option list is longer than that causes reads past the end of the array.
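The class of check that closes this kind of bug, as an added user-space example that is not the kernel's code or the upstream patch: the count supplied with a rule is validated against the array size at setup, and the match-time loop refuses a rule that fails it. The struct, the function names and the descriptor encoding are assumptions made for the model; only the limit of 16 comes from the bulletin.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPTS_MAX 16 /* from the bulletin: opts holds at most 16 descriptors */

/* Hypothetical user-space model of the rule data, not the kernel's struct. */
struct hbh_rule {
    uint8_t  optsnr;         /* count supplied by whoever installs the rule */
    uint16_t opts[OPTS_MAX]; /* assumed encoding: (type << 8) | length */
};

/* Rule-setup check: reject a count the fixed-size array cannot back. */
int hbh_rule_check(const struct hbh_rule *r)
{
    if (r == NULL || r->optsnr > OPTS_MAX)
        return -EINVAL;
    return 0;
}

/* Match-time walk. Returns 1 if a descriptor names `type`, 0 if none does,
 * -EINVAL if the rule fails the setup check (so opts[i] is never read with
 * i >= OPTS_MAX). */
int hbh_rule_has_type(const struct hbh_rule *r, uint8_t type)
{
    int err = hbh_rule_check(r);
    if (err)
        return err;
    for (unsigned int i = 0; i < r->optsnr; i++)
        if ((r->opts[i] >> 8) == type)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample rules. */
    struct hbh_rule ok  = { .optsnr = 2,  .opts = { 0x0502, 0x01FF } };
    struct hbh_rule bad = { .optsnr = 17 }; /* claims one more than fits */

    printf("ok:  check=%d has_type(5)=%d\n",
           hbh_rule_check(&ok), hbh_rule_has_type(&ok, 5));
    printf("bad: check=%d has_type(5)=%d\n",
           hbh_rule_check(&bad), hbh_rule_has_type(&bad, 5));
    return 0;
}
```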
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2d523ba48d4ecc46acfb6aba548292cfcce1ac02
- https://git.kernel.org/stable/c/41ec2e242f1702e8370ddfe14d22b7a766021c3e
- https://git.kernel.org/stable/c/4322dcde6b4173c2d8e8e6118ed290794263bcc8
- https://git.kernel.org/stable/c/57b0ac5e1b46f1f0338dff392ef2092e2871b412
- https://git.kernel.org/stable/c/588933f1a2ca5ff99274f8c9f25dc3a25d0191c3
- https://git.kernel.org/stable/c/6feb43c0995ab3a9c826707eb46541a1696fe4f7
- https://git.kernel.org/stable/c/784aadea7a108c9f90985683caa87fb0198c6a39
- https://git.kernel.org/stable/c/db0250470f023f159094052c0bd5ab026a88ae93