Out-of-bounds read in Linux kernel - CVE-2026-53253
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in bnep_rx_frame() and bnep_rx_control() in the BNEP packet parser when processing short BNEP frames. A remote attacker can send a specially crafted short BNEP SDU to cause a denial of service.
The issue is triggered by malformed control packets with missing fixed fields or an empty control payload.
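The class of check that rejects such frames, as an added user-space example: this is not the kernel code and not the fix from the commits listed under Sources. The type values come from the Bluetooth BNEP specification; `struct cursor`, `pull()`, `check_bnep_control()` and the `PARSE_*` codes are hypothetical names, and only three control types are modelled.

```c
#include <stddef.h>
#include <stdint.h>

/* Type values are from the BNEP specification; other names are hypothetical. */
#define BNEP_TYPE_MASK             0x7f  /* top bit is the extension flag */
#define BNEP_CONTROL               0x01
#define BNEP_SETUP_CONN_REQ        0x01
#define BNEP_FILTER_NET_TYPE_SET   0x03
#define BNEP_FILTER_MULTI_ADDR_SET 0x05
enum { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_NOT_CONTROL = -2, PARSE_UNHANDLED = -3 };

/* pull() is the only way to consume bytes; it fails rather than pass the end. */
struct cursor { const uint8_t *p; size_t left; };
static const uint8_t *pull(struct cursor *c, size_t n)
{
    const uint8_t *q = c->p;
    if (c->left < n)
        return NULL;
    c->p += n;
    c->left -= n;
    return q;
}

/* PARSE_OK only if each fixed field and the declared body are present. */
int check_bnep_control(const uint8_t *sdu, size_t len)
{
    struct cursor c = { sdu, len };
    const uint8_t *f;
    size_t body;
    if (!(f = pull(&c, 1)))
        return PARSE_SHORT;                 /* empty SDU */
    if ((f[0] & BNEP_TYPE_MASK) != BNEP_CONTROL)
        return PARSE_NOT_CONTROL;
    if (!(f = pull(&c, 1)))
        return PARSE_SHORT;                 /* empty control payload */
    switch (f[0]) {
    case BNEP_SETUP_CONN_REQ:               /* 1-byte UUID size, two UUIDs */
        if (!(f = pull(&c, 1)))
            return PARSE_SHORT;
        body = (size_t)f[0] * 2;
        break;
    case BNEP_FILTER_NET_TYPE_SET:          /* 2-byte big-endian list length */
    case BNEP_FILTER_MULTI_ADDR_SET:
        if (!(f = pull(&c, 2)))
            return PARSE_SHORT;
        body = ((size_t)f[0] << 8) | f[1];
        break;
    default: return PARSE_UNHANDLED;        /* other types not modelled here */
    }
    return pull(&c, body) ? PARSE_OK : PARSE_SHORT;
}
```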
How to mitigate CVE-2026-53253
Sources
- https://git.kernel.org/stable/c/0ef2ea86c82b2615902d085cd5a586fe9f58994f
- https://git.kernel.org/stable/c/2b83afb19293e4de700edae306115f18966dc4f9
- https://git.kernel.org/stable/c/6770d3a8acdf9151769180cc3710346c4cfbe6f0
- https://git.kernel.org/stable/c/691f14b6a48b637655755134f1e551c7c6fedc2e
- https://git.kernel.org/stable/c/be837cd09897e9e6e1958174501d467bdcbcc2bc
- https://git.kernel.org/stable/c/c893e17d2809ec9c4b3f1cdd5847cecbc27a311b
- https://git.kernel.org/stable/c/d76dec1a37122bc16d83d059c08c0512ea8de909