Out-of-bounds write in Linux kernel - CVE-2026-53004
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to corrupt adjacent userspace data.
The vulnerability exists due to an out-of-bounds write in sctp_getsockopt_peer_auth_chunks when processing a getsockopt request for peer AUTH chunks with an undersized optval buffer. A local user can supply a crafted buffer length to corrupt adjacent userspace data.
Exploitation requires an SCTP association with AUTH enabled, and the overwritten bytes land in the caller's own userspace buffer rather than in kernel memory.
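The length check this class of bug calls for, as an added userspace model and not the kernel's code or the upstream fix: the struct layout, all function names and the payload-only comparison are assumptions chosen to illustrate a reply made of a fixed header followed by a variable-length chunk list.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of the reply: fixed header, then one byte per chunk type. */
struct authchunks_model {
    uint32_t assoc_id;
    uint32_t number_of_chunks;
    uint8_t  chunks[];
};

/* Assumed flawed check (illustration only): compares the caller's length
 * with the payload alone and forgets the header placed in front of it. */
int payload_only_check(size_t len, size_t num_chunks)
{
    return len >= num_chunks;
}

/* Corrected check: header plus every chunk byte must fit; written so the
 * arithmetic cannot wrap for very large num_chunks. */
int full_size_check(size_t len, size_t num_chunks)
{
    const size_t hdr = sizeof(struct authchunks_model);
    return len >= hdr && len - hdr >= num_chunks;
}

/* Hardened copy: validate first, then write only inside [out, out + len).
 * Returns the number of bytes the reply occupies, or -EINVAL. */
long copy_peer_chunks(uint8_t *out, size_t len, const uint8_t *peer, size_t num_chunks)
{
    uint32_t n = (uint32_t)num_chunks;
    if (!full_size_check(len, num_chunks))
        return -EINVAL;
    memcpy(out + offsetof(struct authchunks_model, number_of_chunks), &n, sizeof(n));
    memcpy(out + offsetof(struct authchunks_model, chunks), peer, num_chunks);
    return (long)(sizeof(struct authchunks_model) + num_chunks);
}

/* Constructed case: caller claims 10 bytes, 4 chunks need 8 + 4 = 12.
 * Returns 1 when the call is rejected and no byte of memory was modified. */
int demo_undersized_buffer(void)
{
    uint8_t mem[32];
    const uint8_t peer[4] = { 0x01, 0x80, 0xC0, 0xC1 };  /* constructed values */
    memset(mem, 0xAA, sizeof(mem));
    long rc = copy_peer_chunks(mem, 10, peer, sizeof(peer));
    for (size_t i = 0; i < sizeof(mem); i++)
        if (mem[i] != 0xAA) return 0;
    return rc == -EINVAL && payload_only_check(10, 4) && !full_size_check(10, 4);
}
```

In the constructed case the payload-only comparison accepts the 10-byte length even though the reply would end 2 bytes past it, which is the kind of adjacent-data overwrite the description refers to.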
How to mitigate CVE-2026-53004
Sources
- https://git.kernel.org/stable/c/0cf004ffb61cd32d140531c3a84afe975f9fc7ea
- https://git.kernel.org/stable/c/2b5a2c957c7769d40110f725cf23987fcef50d75
- https://git.kernel.org/stable/c/6849b995cda88a677bf08a05765d1db7905974fc
- https://git.kernel.org/stable/c/6bcf8fe4ef7967b22b814cbae9a57bbd3c853410
- https://git.kernel.org/stable/c/70a089cc9590aa347a61e84434116ab74619e3c3
- https://git.kernel.org/stable/c/a132e199de69e2a45628aa8534df1bf5d44e1b6e
- https://git.kernel.org/stable/c/d45c7e99caf915b0f6c716bd8ffe9d45b9685761
- https://git.kernel.org/stable/c/d67fbc6dea5dbf7f46c618ebf65910a276078e20