NULL pointer dereference in Linux kernel - CVE-2026-52929
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null-pointer dereference in the SCTP stream scheduler state handling in net/sctp/stream.c when processing a denied ADD_OUT_STREAMS operation and a later stream re-add. A remote attacker can trigger SCTP stream reset operations that leave stale removed stream metadata behind to cause a denial of service.
The issue occurs because removed outgoing stream state is not fully rolled back, leaving scheduler-private stream metadata inconsistent for later reuse.
How to mitigate CVE-2026-52929
Sources
- https://git.kernel.org/stable/c/0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85
- https://git.kernel.org/stable/c/1c6773b8c081509dcd5cd2954f2b02c50c00f151
- https://git.kernel.org/stable/c/39dc2b0eb5371a669ebc9ec6072b9184eac95418
- https://git.kernel.org/stable/c/7dd9a42b044aad2dbe037db1c1e2943582485b44
- https://git.kernel.org/stable/c/9662eb0401518f0b4681f10e7fbf688f504f24cf
- https://git.kernel.org/stable/c/a5f8a90ac9f77c678a9781c0a464b635e0d63e49
- https://git.kernel.org/stable/c/a6724b7b812ac8793514a1d5938db5d9d29ae725
- https://git.kernel.org/stable/c/d5ea0b3e261fcb2cfff142675516165244cab1da