SCTP Vulnerability in Linux Kernel
CVE-2026-52917
What is CVE-2026-52917?
A vulnerability in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation allows the socket diagnostic lookup to access stale associations. When an SCTP association is freed, the kernel may still attempt to dereference that association's state, potentially leading to an out-of-bounds read from unrelated memory regions. This bug can stem from improper handling of deleted associations and can disrupt the integrity of socket communication, raising risks to data handling and system security. The issue has been mitigated by adding checks that reject associations that are no longer valid.
Affected Version(s)
Linux 8f840e47f190cbe61a96945c13e9551048d42cef < 6657af827e21883ae90693e42e7f59a6aab690b5
Linux 8f840e47f190cbe61a96945c13e9551048d42cef
Linux 8f840e47f190cbe61a96945c13e9551048d42cef < 5425de8bd6e9fe5bd67d158e3348171ae7510117