Stream Management Flaw in Linux Kernel Affects Scheduling Functionality
CVE-2026-52929

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52929?

A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP) handling allows for a potential null-pointer dereference in the scheduler during outgoing stream management. When an ADD_OUT_STREAMS request is denied, the current implementation only reduces queued chunks and adjusts the outgoing count, leaving behind stale metadata. This can lead to instability if a subsequent re-add tries to reuse the outdated state. To mitigate this issue, the system needs to properly tear down the removed stream state and consistently update the scheduler's streams. The recommended fix ensures that the stream state is correctly managed, maintaining the integrity of scheduler-specific lists.

Affected Version(s)

Linux 637784ade221a3c8a7ecd0f583eddd95d6276b9a < 0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85

Linux 637784ade221a3c8a7ecd0f583eddd95d6276b9a

Linux 637784ade221a3c8a7ecd0f583eddd95d6276b9a < 9662eb0401518f0b4681f10e7fbf688f504f24cf

References

https://git.kernel.org/stable/c/0cd2dc6dce8ca47212cd306cc...

https://git.kernel.org/stable/c/a6724b7b812ac8793514a1d59...

https://git.kernel.org/stable/c/9662eb0401518f0b4681f10e7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52929 Data

JSON