Improper handling of exceptional conditions in Linux kernel - CVE-2026-53292
Published: June 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper exception handling in pn_socket_autobind() in net/phonet/socket.c when handling socket autobind during send operations. A local user can trigger a failed bind condition that reaches a BUG_ON() assertion to cause a denial of service.
The issue is reachable from a user-triggerable path and can panic the kernel when pn_socket_bind() returns -EINVAL while the socket port remains unset.
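The failure mode described above, reduced to a user-space C model: an autobind helper that reads -EINVAL from bind as "already bound" and asserts it, next to a variant that reports the failure to the caller. This is an added example, not kernel source and not the upstream fix; struct model_sock, model_bind(), both autobind_* functions and the port values are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed user-space model; not the kernel's net/phonet/socket.c. */
struct model_sock {
    unsigned port;     /* 0 means "no port assigned" */
    int bind_result;   /* value the modelled bind call returns (constructed) */
};

/* Stand-in for pn_socket_bind(): assigns a port on success, otherwise
 * returns the configured error and leaves the port untouched. */
static int model_bind(struct model_sock *sk)
{
    if (sk->bind_result == 0)
        sk->port = 0x40;            /* constructed port value */
    return sk->bind_result;
}

/* Pattern from the advisory: -EINVAL is taken to mean "already bound" and
 * that belief is asserted. Returns 1 where BUG_ON() would fire. */
static int autobind_would_bug(struct model_sock *sk)
{
    int err = model_bind(sk);
    if (err != -EINVAL)
        return 0;                   /* success or another error: no assertion */
    return sk->port == 0;           /* the BUG_ON(!port) condition */
}

/* Hardened form: same check, but an unset port becomes an error return. */
static int autobind_checked(struct model_sock *sk)
{
    int err = model_bind(sk);
    if (err != -EINVAL)
        return err;
    return sk->port ? 0 : -EINVAL;  /* already bound, or propagate failure */
}

int main(void)
{
    struct model_sock unbound = { 0, -EINVAL };     /* the advisory's case */
    struct model_sock bound   = { 0x41, -EINVAL };  /* genuine rebind attempt */
    printf("assertion fires: unbound=%d bound=%d\n",
           autobind_would_bug(&unbound), autobind_would_bug(&bound));
    printf("checked return:  unbound=%d bound=%d\n",
           autobind_checked(&unbound), autobind_checked(&bound));
    return 0;
}
```

In the model, only the socket that gets -EINVAL with no port assigned reaches the assertion; the checked variant returns -EINVAL for that socket and 0 for one that was already bound.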