CVE-2026-52929

NONE EPSS 31.2%
Published Jun 24, 20261w ago · Modified Jun 24, 20261w ago
Find Similar
Published Jun 24, 2026 1w ago
Last Modified Jun 24, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADD_OUT_STREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext and hit a null-pointer dereference in the scheduler get path. Fix the rollback by tearing down the removed stream state the same way other stream resizes do. Unschedule the current scheduler state, drop the removed stream ext state with sctp_stream_outq_migrate(), and then reschedule the remaining streams. This keeps scheduler-private RR/FC/PRIO lists consistent while fully rolling back denied outgoing stream additions.

Threat Intelligence

EPSS Exploit Probability
31.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85
  • git.kernel.org https://git.kernel.org/stable/c/1c6773b8c081509dcd5cd2954f2b02c50c00f151
  • git.kernel.org https://git.kernel.org/stable/c/39dc2b0eb5371a669ebc9ec6072b9184eac95418
  • git.kernel.org https://git.kernel.org/stable/c/7dd9a42b044aad2dbe037db1c1e2943582485b44
  • git.kernel.org https://git.kernel.org/stable/c/9662eb0401518f0b4681f10e7fbf688f504f24cf
  • git.kernel.org https://git.kernel.org/stable/c/a5f8a90ac9f77c678a9781c0a464b635e0d63e49
  • git.kernel.org https://git.kernel.org/stable/c/a6724b7b812ac8793514a1d5938db5d9d29ae725
  • git.kernel.org https://git.kernel.org/stable/c/d5ea0b3e261fcb2cfff142675516165244cab1da

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.