SB20260626116 - Information disclosure in Linux kernel ipv6 netfilter



SB20260626116 - Information disclosure in Linux kernel ipv6 netfilter

Published: June 26, 2026

Security Bulletin ID SB20260626116
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Information disclosure (CVE-ID: CVE-2026-53219)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper handling of partially failed copy_to_user operations in x_tables get-entries implementations when copying rule entries to userspace. A local user can provide a userspace buffer that faults during the initial header copy to disclose sensitive information.

On SMP kernels, the leaked value is the internal percpu counter allocation pointer. The issue affects the IPv4, IPv6, and ARP native and compat get-entries paths.


Remediation

Install update from vendor's website.