Information Disclosure in Linux Kernel Affecting Multiple Networking Components
CVE-2026-52937

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52937?

A vulnerability in the Linux kernel allows information disclosure through an uninitialized stack data leak in the SIOCGIFHWADDR path. The function tap_ioctl() copies an on-stack struct sockaddr_storage to user space, but due to improper initialization, users can access uninitialized trailing bytes. This flaw can expose sensitive kernel stack contents, undermining Kernel Address Space Layout Randomization (KASLR) defenses. The vulnerability has been addressed by initializing the stack struct at declaration to prevent any inadvertent exposure of critical information.

Affected Version(s)

Linux 3b23a32a63219f51a5298bc55a65ecee866e79d0 < 719007c3492f0f1f9e9cdbed8ac45ba45bb13eeb

Linux 3b23a32a63219f51a5298bc55a65ecee866e79d0 < 05305e832be7b9d65b2b72caacf7d850b3942b2a

Linux 3b23a32a63219f51a5298bc55a65ecee866e79d0

References

https://git.kernel.org/stable/c/719007c3492f0f1f9e9cdbed8...

https://git.kernel.org/stable/c/05305e832be7b9d65b2b72caa...

https://git.kernel.org/stable/c/bddc09212c24934643bd44fc7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52937 Data

JSON