Off-by-one in Linux kernel - CVE-2026-53263
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an off-by-one error in lowpan_iphc_mcast_ctx_addr_compress() when compressing multicast context addresses. A remote attacker can send network traffic that triggers the vulnerable compression path to disclose sensitive information.
Uninitialized kernel stack memory may be transmitted over the network via lowpan_push_hc_data().
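An added illustration of the bug class described above; it is not the kernel's code and is not taken from the linked commits. The 6-byte buffer, the copy offsets and the names push_data, compress and leaked_bytes are assumptions, and the 0xAA fill stands in for stale stack contents so the unwritten byte can be counted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA /* constructed marker standing in for stale stack bytes */
#define HC_LEN 6    /* assumed inline size: 2 header bytes + 4-byte group ID */

/* Hypothetical stand-in for a helper that appends bytes to the outgoing frame. */
static void push_data(uint8_t **out, const uint8_t *src, size_t len)
{
	memcpy(*out, src, len);
	*out += len;
}

/* fixed == 0: second copy starts one slot early, so data[5] is never written. */
static void compress(uint8_t **out, const uint8_t addr[16], int fixed)
{
	uint8_t data[HC_LEN];

	memset(data, POISON, sizeof(data));          /* model uninitialized stack */
	memcpy(data, &addr[1], 2);                   /* flags/scope + next byte */
	memcpy(&data[fixed ? 2 : 1], &addr[12], 4);  /* group ID */
	push_data(out, data, sizeof(data));          /* always emits all 6 bytes */
}

/* Returns how many emitted bytes still hold the poison marker. */
static size_t leaked_bytes(int fixed)
{
	/* Constructed multicast address; contains no 0xAA byte. */
	static const uint8_t addr[16] = { 0xff, 0x3e, 0x00, 0x40, 0x20, 0x01, 0x0d, 0xb8,
					  0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x56, 0x78 };
	uint8_t frame[HC_LEN], *p = frame;
	size_t i, n = 0;

	compress(&p, addr, fixed);
	for (i = 0; i < sizeof(frame); i++)
		n += (frame[i] == POISON);
	return n;
}

int main(void)
{
	printf("off-by-one: %zu stale byte(s) sent\n", leaked_bytes(0));
	printf("corrected:  %zu stale byte(s) sent\n", leaked_bytes(1));
	return 0;
}
```

Filling a buffer with a known pattern before use and checking the emitted bytes for that pattern is a simple way to confirm that every byte sent was actually written.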
How to mitigate CVE-2026-53263
Sources
- https://git.kernel.org/stable/c/06ce6fc106b16dec9b535950db626261be865e5b
- https://git.kernel.org/stable/c/2a58899d11009bffc7b4b32a571858f381121837
- https://git.kernel.org/stable/c/4485d79617520d84ba5a14515e2b5136007d6deb
- https://git.kernel.org/stable/c/c32f30ef5e66adbfa102348e2e8a23776eb007cb
- https://git.kernel.org/stable/c/da8808463882c3f3c357b072e25053c2121f1419
- https://git.kernel.org/stable/c/da8cbb64b47e9066b40af0de170901caf17b768c
- https://git.kernel.org/stable/c/dcb1bec1c32ee5c3878354e087cf5dbee2b7c7af
- https://git.kernel.org/stable/c/f24a58c72a45f4c109f3557a760cc4b60b7a6037