CVE & CISA-KEV Catalog

CVE-2026-52917

MEDIUM
7.1
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dump_one path The SCTP exact sock_diag lookup can hold a transport reference, block on lock_sock(sk), and then resume after sctp_association_free() has marked the association dead and freed its bind address list. When that happens, inet_assoc_attr_size() and inet_diag_msg_sctpasoc_fill() can still dereference association state that is no longer valid for reporting. In particular, inet_diag_msg_sctpasoc_fill() may read an empty bind-address list as a real sctp_sockaddr_entry and trigger an out-of-bounds read from unrelated association memory. Reject the association after taking the socket lock if it has been reaped or detached from the endpoint, and report the lookup as stale. This keeps the exact dump-one path from formatting torn association state.

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.259-1CVE-2026-52917
Fixed in:6.1.176-1CVE-2026-52917
Fixed in:6.12.94-1CVE-2026-52917
Fixed in:7.0.13-1CVE-2026-52917

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U

Exploit Intelligence

0.13%probability of exploitation in 30 days
3rdpercentile

Low risk: more likely to be exploited than 3% of all known CVEs.

References

Embed a live status badge for CVE-2026-52917
CVE-2026-52917 severity badge

Markdown

[![CVE-2026-52917](https://tridentstack.com/cve/badge/CVE-2026-52917.svg)](https://tridentstack.com/cve/CVE-2026-52917)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-52917"><img src="https://tridentstack.com/cve/badge/CVE-2026-52917.svg" alt="CVE-2026-52917"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-28.