๐Ÿ” CVE Alert

CVE-2026-52915

UNKNOWN 0.0

netfilter: ip6t_hbh: reject oversized option lists

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_hbh: reject oversized option lists

struct ip6t_opts stores at most IP6T_OPTS_OPTSNR option descriptors, but hbh_mt6_check() does not reject larger optsnr values supplied from userspace.

Validate optsnr in the rule setup path so only match data that fits the fixed-size opts array can be installed. This follows the existing xtables pattern of rejecting invalid user-provided counts in checkentry() and keeps the packet matching path unchanged.

`struct ip6t_opts` has a fixed `opts[IP6T_OPTS_OPTSNR]` array, where `IP6T_OPTS_OPTSNR` is 16, then off-by-one array access is possible:

[ 137.924693][ T8692] UBSAN: array-index-out-of-bounds in ../net/ipv6/netfilter/ip6t_hbh.c:110:29
[ 137.926167][ T8692] index 16 is out of range for type '__u16 [16]'
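The setup-time check described above, as an added userspace model (not the kernel patch and not code from this page). The `*_model` names are hypothetical, and the per-packet loop shape `for (i = 0; i < optsnr; i++)` is an assumption; the model walks every possible `optsnr` value to show which ones the check accepts.

```c
#include <errno.h>
#include <stdint.h>

#define IP6T_OPTS_OPTSNR 16   /* capacity of opts[], as stated in the advisory */

/* Userspace stand-in for the match data; only optsnr and opts[] matter here. */
struct ip6t_opts_model {
    uint32_t hdrlen;
    uint8_t  flags;
    uint8_t  invflags;
    uint8_t  optsnr;                   /* user-supplied count, range 0..255 */
    uint16_t opts[IP6T_OPTS_OPTSNR];   /* fixed-size descriptor array */
};

/* Rule-setup validation: refuse any count that does not fit opts[]. */
int model_checkentry(const struct ip6t_opts_model *info)
{
    if (info->optsnr > IP6T_OPTS_OPTSNR)
        return -EINVAL;
    return 0;
}

/* Highest opts[] index an assumed per-packet loop over optsnr entries
 * would read; -1 when the loop body never runs. */
int model_highest_index(const struct ip6t_opts_model *info)
{
    return (int)info->optsnr - 1;
}

/* Try all 256 possible optsnr values: count those that pass validation and
 * fail (-1) if any accepted value would index past the end of opts[]. */
int model_accepted_counts(void)
{
    struct ip6t_opts_model info = {0};
    int accepted = 0;

    for (int n = 0; n <= UINT8_MAX; n++) {
        info.optsnr = (uint8_t)n;
        if (model_checkentry(&info) != 0)
            continue;                  /* rule would be rejected at setup */
        if (model_highest_index(&info) >= IP6T_OPTS_OPTSNR)
            return -1;                 /* validation would be insufficient */
        accepted++;
    }
    return accepted;                   /* values 0 through 16 */
}

int main(void) { return model_accepted_counts() == 17 ? 0 : 1; }
```

With `optsnr` set to 17 the assumed loop reaches index 16, the same index the UBSAN report flags; the check rejects that value and every larger one before a rule can be installed.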

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jun 24, 2026

Affected Versions

Linux / Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2d523ba48d4ecc46acfb6aba548292cfcce1ac02
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 588933f1a2ca5ff99274f8c9f25dc3a25d0191c3
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 784aadea7a108c9f90985683caa87fb0198c6a39
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 41ec2e242f1702e8370ddfe14d22b7a766021c3e
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < db0250470f023f159094052c0bd5ab026a88ae93
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 57b0ac5e1b46f1f0338dff392ef2092e2871b412
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6feb43c0995ab3a9c826707eb46541a1696fe4f7
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4322dcde6b4173c2d8e8e6118ed290794263bcc8
Linux / Linux
2.6.12

References

NVD, CVE.org, EPSS Data
git.kernel.org: https://git.kernel.org/stable/c/2d523ba48d4ecc46acfb6aba548292cfcce1ac02
git.kernel.org: https://git.kernel.org/stable/c/588933f1a2ca5ff99274f8c9f25dc3a25d0191c3
git.kernel.org: https://git.kernel.org/stable/c/784aadea7a108c9f90985683caa87fb0198c6a39
git.kernel.org: https://git.kernel.org/stable/c/41ec2e242f1702e8370ddfe14d22b7a766021c3e
git.kernel.org: https://git.kernel.org/stable/c/db0250470f023f159094052c0bd5ab026a88ae93
git.kernel.org: https://git.kernel.org/stable/c/57b0ac5e1b46f1f0338dff392ef2092e2871b412
git.kernel.org: https://git.kernel.org/stable/c/6feb43c0995ab3a9c826707eb46541a1696fe4f7
git.kernel.org: https://git.kernel.org/stable/c/4322dcde6b4173c2d8e8e6118ed290794263bcc8