Vulnerability in Linux Kernel's Netfilter Affects Option Handling
CVE-2026-52915

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 24 June 2026

What is CVE-2026-52915?

This vulnerability in the Linux kernel's Netfilter subsystem affects how the ip6t_hbh component handles option lists. The component does not properly reject oversized options supplied from userspace, which can lead to an off-by-one array access. The struct ip6t_opts has a fixed limit on the number of option descriptors it can hold, but without sufficient validation attackers may exploit this flaw, impacting the integrity and security of packet matching. Validation has now been added in the rule setup path to reject oversized input, which is critical for maintaining the stability and security of the kernel's networking features.
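The pattern described above, a userspace-supplied count checked against a fixed-size descriptor array in the rule setup path, is shown here as an added userspace model; it is not the kernel's code or the actual patch. The names `model_opts`, `model_check_rule`, `model_match`, the limit of 16 and the descriptor layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: names, the limit of 16 and the layout
 * (option type in the high byte) are assumptions, not kernel code. */
#define MODEL_MAX_OPTS 16

struct model_opts {
    uint16_t opts[MODEL_MAX_OPTS]; /* fixed-size descriptor array */
    uint8_t  optsnr;               /* descriptor count from userspace */
};

/* Rule setup path: refuse a count the array cannot hold, so the
 * per-packet path never indexes past opts[MODEL_MAX_OPTS - 1]. */
int model_check_rule(const struct model_opts *o)
{
    if (o == NULL || o->optsnr > MODEL_MAX_OPTS)
        return -EINVAL;
    return 0;
}

/* Match path: 1 if every descriptor matches the option type seen at the
 * same position in the packet, 0 if not, -EINVAL for an unvalidated rule
 * (defence in depth: the bound is re-checked before the loop). */
int model_match(const struct model_opts *o, const uint8_t *types, size_t n)
{
    if (model_check_rule(o) != 0 || (types == NULL && n != 0))
        return -EINVAL;
    for (size_t i = 0; i < o->optsnr; i++) {
        if (i >= n || types[i] != (uint8_t)(o->opts[i] >> 8))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample rules and packet option types. */
    struct model_opts good = { .opts = { 0x0500, 0x0100 }, .optsnr = 2 };
    struct model_opts oversized = { .optsnr = MODEL_MAX_OPTS + 1 };
    const uint8_t pkt[] = { 0x05, 0x01 };

    printf("good rule:      check=%d match=%d\n",
           model_check_rule(&good), model_match(&good, pkt, 2));
    printf("oversized rule: check=%d\n", model_check_rule(&oversized));
    return 0;
}
```

A count equal to the array size is still valid; only a count above it is rejected, which is the boundary where an off-by-one comparison would go wrong.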

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2d523ba48d4ecc46acfb6aba548292cfcce1ac02

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 588933f1a2ca5ff99274f8c9f25dc3a25d0191c3

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 784aadea7a108c9f90985683caa87fb0198c6a39
