Out-of-bounds read in Linux kernel - CVE-2026-52986
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds read in the nf_conntrack_sip SIP message parser when parsing non-NUL-terminated SIP packet data containing crafted port values. A remote attacker can send a specially crafted SIP packet to cause a denial of service.
The issue involves port parsing in epaddr_len(), ct_sip_parse_header_uri(), and ct_sip_parse_request(), where parsing could reach the buffer limit without a trailing character.
How to mitigate CVE-2026-52986
Sources
- https://git.kernel.org/stable/c/523762e3b6933fff81f01dfa3c60c0774044cdab
- https://git.kernel.org/stable/c/7df9863bf538a626e8a684e59cb2c43eac0ef3c8
- https://git.kernel.org/stable/c/8cd0358379570003659186706e077929d6930c40
- https://git.kernel.org/stable/c/8cf6809cddcbe301aedfc6b51bcd4944d45795f6
- https://git.kernel.org/stable/c/9c6afcb1c3cbb2c0da65b8515ac14d7273872f84
- https://git.kernel.org/stable/c/9f69c323ae0ab517e595c2cc74e0ae0d9d085611
- https://git.kernel.org/stable/c/b3264c977e79d8a25778d4fd11520f00fea1329c
- https://git.kernel.org/stable/c/ea2ecd29b8f4433e52607192ca91084f95787ca0