Out-of-bounds read in Linux kernel - CVE-2026-52917
Published: June 25, 2026
Vulnerability identifier: #VU135461
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-52917
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the SCTP sock_diag dump-one path when processing an exact association lookup after taking the socket lock on a stale association. A local user can trigger a stale association lookup to disclose sensitive information.
The issue occurs when association state is reaped or detached from the endpoint while the lookup path resumes after blocking on the socket lock.
How to mitigate CVE-2026-52917
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/480f754580b5686b928977d16a59f20cef83ff01
- https://git.kernel.org/stable/c/5425de8bd6e9fe5bd67d158e3348171ae7510117
- https://git.kernel.org/stable/c/5eba3e48d78edd7551b992cb7ba687019b3a78da
- https://git.kernel.org/stable/c/6657af827e21883ae90693e42e7f59a6aab690b5
- https://git.kernel.org/stable/c/78c4f964b2f94e405721c093773f6250e1e676b2
- https://git.kernel.org/stable/c/b2be72d401833194917e44fbd8d8144bb4f2db16
- https://git.kernel.org/stable/c/e97c2a535e23ed0fdd2660993fb3f10d9535c9bc
- https://git.kernel.org/stable/c/f5af203dec6e0e7a6090fcc2130e9f3901bfc84d