Off-by-One Vulnerability in Linux Kernel Multicast Context Address Compression
CVE-2026-53263
What is CVE-2026-53263?
A vulnerability has been identified in the Linux kernel's multicast context address compression code, specifically in the lowpan_iphc_mcast_ctx_addr_compress() function. An off-by-one error causes its memory copy operations to use incorrect offsets, which can corrupt the RIID field in compressed multicast addresses. In addition, because part of the data array is never initialized, sensitive uninitialized kernel stack memory may be unintentionally transmitted over the network. Remediation requires correcting the data offsets and zero-initializing the data array.
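The following user-space model is an added example, not kernel source or the upstream patch; it shows the flawed copy pattern beside the remediation the description calls for. The six-byte inline layout (address bytes 1, 2 and 12 to 15) follows RFC 6282; the exact flawed offsets, the helper names, the sample address and the STALE fill byte are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INLINE_LEN 6   /* 48 bits carried inline per RFC 6282 (M=1, DAC=1, DAM=00) */
#define STALE 0xAA     /* constructed stand-in for leftover kernel stack contents */

/* Constructed sample address: byte 1 flags/scope, byte 2 RIID, bytes 12-15 group ID */
static const uint8_t SAMPLE[16] = {0xff, 0x7e, 0x05, 0x40, 0x20, 0x01, 0x0d, 0xb8,
                                   0x00, 0x01, 0x00, 0x9c, 0x11, 0x22, 0x33, 0x44};

/* Flawed pattern; the exact offsets are an assumption made for illustration. */
static void compress_flawed(const uint8_t *addr, uint8_t *out)
{
    uint8_t data[INLINE_LEN];
    memset(data, STALE, sizeof(data)); /* models "never initialised" deterministically */
    memcpy(data, &addr[1], 2);         /* flags/scope + RIID */
    memcpy(&data[1], &addr[11], 4);    /* one byte early: clobbers RIID, skips data[5] */
    memcpy(out, data, sizeof(data));   /* all six bytes are emitted */
}

/* Remediation as the advisory describes it: zero-initialise, correct the offsets. */
static void compress_fixed(const uint8_t *addr, uint8_t *out)
{
    uint8_t data[INLINE_LEN] = {0};
    memcpy(data, &addr[1], 2);
    memcpy(&data[2], &addr[12], 4);    /* group ID follows the RIID byte */
    memcpy(out, data, sizeof(data));
}

static uint8_t last_out[INLINE_LEN];   /* most recent emitted bytes, for inspection */

/* Count emitted bytes that differ from the address bytes they should carry. */
static int wrong_bytes(void (*fn)(const uint8_t *, uint8_t *))
{
    static const int src[INLINE_LEN] = {1, 2, 12, 13, 14, 15};
    int bad = 0;
    fn(SAMPLE, last_out);
    for (int i = 0; i < INLINE_LEN; i++)
        bad += (last_out[i] != SAMPLE[src[i]]);
    return bad;
}

int main(void)
{
    printf("flawed: %d wrong, fixed: %d wrong\n", wrong_bytes(compress_flawed), wrong_bytes(compress_fixed));
    return 0;
}
```

In the model, the flawed variant emits a wrong RIID byte and a final byte that was never written from the address, while the group ID bytes in between still line up, which is why a defect of this shape can go unnoticed in casual testing.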
Affected Version(s)
Linux 5609c185f24dffca5f6a9c127106869da150be03
Linux 5609c185f24dffca5f6a9c127106869da150be03 < 4485d79617520d84ba5a14515e2b5136007d6deb