Use of Uninitialized Variable in Linux kernel - CVE-2026-53082
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an uninitialized value read in sixpack_receive_buf() and sixpack_decode() in the 6pack hamradio driver when processing TTY input with error-flagged bytes. A local user can supply crafted input containing TTY error conditions to cause a denial of service.
The issue occurs because bytes marked with TTY error flags are not skipped correctly before decoding.
How to mitigate CVE-2026-53082
Sources
- https://git.kernel.org/stable/c/1d3abf0c3ddeefc6f6d913aa129acc06fce8240a
- https://git.kernel.org/stable/c/2951656b0de00153f2687f3a093890bce72b6215
- https://git.kernel.org/stable/c/578f3aba427c938fecfa0d8c83d9acb213a9b24a
- https://git.kernel.org/stable/c/987af7625ceb1ee59d70eb0abd7af11c75e45d79
- https://git.kernel.org/stable/c/bf9a38803b2626b01cc769aaf13485d8650f576f
- https://git.kernel.org/stable/c/d4cceb5184538613572fb79319453f281b1eeacb
- https://git.kernel.org/stable/c/d9ce2a4b679122397d7f35bad7be46913ad1ca80
- https://git.kernel.org/stable/c/e9cf4018d74237d142cd66243c821d13593270f0