SCTP Vulnerability in Linux Kernel
CVE-2026-53246
What is CVE-2026-53246?
A vulnerability has been identified in the Linux kernel that affects its handling of SCTP (Stream Control Transmission Protocol). When a listening SCTP server processes a COOKIE_ECHO chunk, it improperly validates the length of the cached peer INIT chunk. This flaw makes it possible to read beyond the data actually received, resulting in out-of-bounds memory reads and potentially leading to memory corruption during parameter processing. To mitigate this issue, a bounds check has been added to the sctp_unpack_cookie() function, ensuring that the length of the cached INIT chunk does not exceed the data available in the COOKIE_ECHO buffer.
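A simplified model of the bounds check described above, added here as an illustration; it is not the kernel's sctp_unpack_cookie() code. COOKIE_PREFIX_LEN, checked_init_len() and demo() are hypothetical names, the cookie layout is an assumption, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model: the cookie body is a fixed-size state prefix followed by
 * the peer's INIT chunk as it was cached. COOKIE_PREFIX_LEN is a made-up
 * size (assumption), not the kernel's struct layout. */
#define COOKIE_PREFIX_LEN 8u
#define CHUNK_HDR_LEN     4u   /* type(1) flags(1) length(2, network order) */
#define INIT_MIN_LEN      20u  /* chunk header + 16-byte fixed INIT fields */

/* Declared length of the cached INIT chunk, read from its chunk header. */
static size_t declared_init_len(const uint8_t *body)
{
    const uint8_t *hdr = body + COOKIE_PREFIX_LEN;
    return ((size_t)hdr[2] << 8) | hdr[3];
}

/* Returns the number of INIT bytes that are safe to parse, or 0 if the cookie
 * must be rejected. body_len is the byte count actually received. */
size_t checked_init_len(const uint8_t *body, size_t body_len)
{
    size_t avail, len;
    if (body_len < COOKIE_PREFIX_LEN + CHUNK_HDR_LEN)
        return 0;                       /* chunk header is not even present */
    avail = body_len - COOKIE_PREFIX_LEN;
    len = declared_init_len(body);
    if (len < INIT_MIN_LEN || len > avail)
        return 0;                       /* too short, or overruns the buffer */
    return len;
}

/* Constructed sample: the INIT header declares `declared` bytes while only
 * `present` bytes (at most 64) follow the prefix in the received body. */
size_t demo(uint16_t declared, size_t present)
{
    uint8_t buf[COOKIE_PREFIX_LEN + 64] = {0};

    buf[COOKIE_PREFIX_LEN] = 1;                     /* chunk type: INIT */
    buf[COOKIE_PREFIX_LEN + 2] = (uint8_t)(declared >> 8);
    buf[COOKIE_PREFIX_LEN + 3] = (uint8_t)(declared & 0xff);
    return checked_init_len(buf, COOKIE_PREFIX_LEN + present);
}

int main(void)
{
    printf("consistent: %zu, overlong: %zu\n", demo(20, 20), demo(60, 20));
    return 0;
}
```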
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0861615c28de668669d748ef4eb913ea9262d13b