Out-of-bounds read in Linux kernel - CVE-2026-53224
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in SCTP cookie processing in sctp_unpack_cookie(), sctp_process_init(), and sctp_raw_to_bind_addrs() when handling a malformed COOKIE_ECHO containing a truncated embedded INIT chunk or malformed address parameters. A remote attacker can send a specially crafted COOKIE_ECHO to cause a denial of service.
When cookie authentication is disabled, an oversized raw address list length can also be used to trigger the out-of-bounds read condition.
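As an added illustration, not the kernel's code or its fix, the following shows the kind of length-consistency checks that cookie parsing needs before it reads an embedded INIT chunk or a raw address list. The cookie layout (a raw INIT chunk followed by an address list of a declared length) and the sample bytes are constructed for this example; only the SCTP chunk and parameter header formats are real.

```c
#include <stdint.h>
#include <stdio.h>
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk SCTP TLV parameters (2-byte type, 2-byte length including the header,
 * 4-byte alignment between parameters) and return 1 only if no length field
 * reaches past the n bytes that are actually present. */
static int params_fit(const uint8_t *p, size_t n)
{
    size_t off = 0;
    while (off < n) {
        if (n - off < 4) return 0;                 /* header itself is cut off */
        size_t plen = be16(p + off + 2);
        if (plen < 4 || plen > n - off) return 0;  /* value overruns the buffer */
        off += (plen + 3) & ~(size_t)3;
    }
    return 1;
}

/* Assumed (constructed) cookie layout: a raw INIT chunk (4-byte chunk header,
 * 16 bytes of fixed INIT fields, then parameters) followed by a raw address
 * list of addr_list_len bytes, itself a run of address parameters. */
int cookie_lengths_fit(const uint8_t *cookie, size_t len, size_t addr_list_len)
{
    if (len < 4) return 0;                                    /* no chunk header */
    size_t chunk_len = be16(cookie + 2);
    if (chunk_len < 20 || chunk_len > len) return 0;          /* truncated INIT */
    if (!params_fit(cookie + 20, chunk_len - 20)) return 0;   /* bad INIT params */
    if (addr_list_len > len - chunk_len) return 0;            /* oversized list */
    return params_fit(cookie + chunk_len, addr_list_len);     /* bad addr params */
}

/* Constructed sample: INIT chunk of 28 bytes with one 8-byte IPv4 parameter,
 * then an 8-byte raw address list holding one IPv4 parameter. */
const uint8_t sample_cookie[36] = {
    0x01, 0x00, 0x00, 0x1c,                      /* type INIT, flags, length 28 */
    0,0,0,1, 0,0,0,0, 0,1, 0,1, 0,0,0,0,        /* fixed INIT fields */
    0x00, 0x05, 0x00, 0x08, 10, 0, 0, 1,         /* IPv4 address parameter */
    0x00, 0x05, 0x00, 0x08, 10, 0, 0, 2,         /* raw address list entry */
};

int main(void)
{
    printf("intact: %d\n", cookie_lengths_fit(sample_cookie, 36, 8));          /* 1 */
    printf("truncated INIT: %d\n", cookie_lengths_fit(sample_cookie, 24, 0));  /* 0 */
    printf("oversized list: %d\n", cookie_lengths_fit(sample_cookie, 36, 16)); /* 0 */
    return 0;
}
```

Passing a declared address list length shorter than the parameter it holds (for example 6 bytes for the 8-byte entry) is rejected for the same reason: the parameter's own length field would reach past the bytes present.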