SB20260625275 - Out-of-bounds read in Linux kernel sctp
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-52917)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the SCTP sock_diag dump-one path when processing an exact association lookup after taking the socket lock on a stale association. A local user can trigger a stale association lookup to disclose sensitive information.
The issue occurs when association state is reaped or detached from the endpoint while the lookup path resumes after blocking on the socket lock.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/480f754580b5686b928977d16a59f20cef83ff01
- https://git.kernel.org/stable/c/5425de8bd6e9fe5bd67d158e3348171ae7510117
- https://git.kernel.org/stable/c/5eba3e48d78edd7551b992cb7ba687019b3a78da
- https://git.kernel.org/stable/c/6657af827e21883ae90693e42e7f59a6aab690b5
- https://git.kernel.org/stable/c/78c4f964b2f94e405721c093773f6250e1e676b2
- https://git.kernel.org/stable/c/b2be72d401833194917e44fbd8d8144bb4f2db16
- https://git.kernel.org/stable/c/e97c2a535e23ed0fdd2660993fb3f10d9535c9bc
- https://git.kernel.org/stable/c/f5af203dec6e0e7a6090fcc2130e9f3901bfc84d