Out-of-bounds write in Linux kernel - CVE-2026-53004

 

Out-of-bounds write in Linux kernel - CVE-2026-53004

Published: June 25, 2026


Vulnerability identifier: #VU135367
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53004
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to corrupt adjacent userspace data.

The vulnerability exists due to an out-of-bounds write in sctp_getsockopt_peer_auth_chunks when processing a getsockopt request for peer AUTH chunks with an undersized optval buffer. A local user can supply a crafted buffer length to corrupt adjacent userspace data.

Exploitation requires an SCTP association with AUTH enabled, and the overwritten bytes land in the caller's own userspace buffer rather than in kernel memory.


How to mitigate CVE-2026-53004

Install security update from vendor's repository.

Sources