SB2026062651 - Off-by-one in Linux kernel 6lowpan
Published: June 26, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Off-by-one (CVE-ID: CVE-2026-53263)
CWE-ID: CWE-193 - Off-by-one Error
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an off-by-one error in lowpan_iphc_mcast_ctx_addr_compress() when compressing multicast context addresses. A remote attacker can send network traffic that triggers the vulnerable compression path and disclose sensitive information.
As a result, uninitialized kernel stack memory may be transmitted over the network via lowpan_push_hc_data().
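The bug class described above, as an added user-space example that is not the kernel's code or the vendor's patch: it packs the 6 in-line bytes RFC 6282 defines for context-based multicast compression and counts the output bytes that are never written. The function names, the poison value, the sample address and the choice of which index is off by one are assumptions; the bulletin does not state them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INLINE_LEN 6   /* RFC 6282: 48 bits of the address are carried in-line */
#define POISON 0xAA    /* stands in for stale stack contents (constructed) */

/* Constructed sample: ff3e:0040:2001:0db8:0000:0001:1234:5678 */
static const uint8_t sample_addr[16] = {
    0xff, 0x3e, 0x00, 0x40, 0x20, 0x01, 0x0d, 0xb8,
    0x00, 0x00, 0x00, 0x01, 0x12, 0x34, 0x56, 0x78
};

/* Assumed buggy variant: the second copy lands one byte early, so it
 * clobbers out[1] and never writes out[5]. */
static void pack_mcast_buggy(uint8_t out[INLINE_LEN], const uint8_t addr[16])
{
    memcpy(out, &addr[1], 2);        /* flags/scope + reserved byte */
    memcpy(&out[1], &addr[12], 4);   /* group ID, wrong destination */
}

/* Corrected variant: both copies together cover exactly out[0..5]. */
static void pack_mcast_fixed(uint8_t out[INLINE_LEN], const uint8_t addr[16])
{
    memcpy(out, &addr[1], 2);
    memcpy(&out[2], &addr[12], 4);
}

/* Pre-fill the buffer with POISON, pack, and count bytes that still hold
 * POISON: these are the bytes a sender would transmit uninitialized. */
static int stale_bytes(void (*pack)(uint8_t *, const uint8_t *),
                       const uint8_t addr[16])
{
    uint8_t out[INLINE_LEN];
    int n = 0;

    memset(out, POISON, sizeof(out));
    pack(out, addr);
    for (size_t i = 0; i < sizeof(out); i++)
        n += (out[i] == POISON);
    return n;
}

int main(void)
{
    printf("buggy: %d stale byte(s)\n", stale_bytes(pack_mcast_buggy, sample_addr));
    printf("fixed: %d stale byte(s)\n", stale_bytes(pack_mcast_fixed, sample_addr));
    return 0;
}
```

Zero-initializing the staging buffer would stop stale memory from leaving the host, but the packed bytes would still be wrong until the destination index is corrected.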
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/06ce6fc106b16dec9b535950db626261be865e5b
- https://git.kernel.org/stable/c/2a58899d11009bffc7b4b32a571858f381121837
- https://git.kernel.org/stable/c/4485d79617520d84ba5a14515e2b5136007d6deb
- https://git.kernel.org/stable/c/c32f30ef5e66adbfa102348e2e8a23776eb007cb
- https://git.kernel.org/stable/c/da8808463882c3f3c357b072e25053c2121f1419
- https://git.kernel.org/stable/c/da8cbb64b47e9066b40af0de170901caf17b768c
- https://git.kernel.org/stable/c/dcb1bec1c32ee5c3878354e087cf5dbee2b7c7af
- https://git.kernel.org/stable/c/f24a58c72a45f4c109f3557a760cc4b60b7a6037