PT-2026-52358 · Linux · Linux
Publicado
2026-06-25
·
Atualizado
2026-06-25
·
CVE-2026-53263
Nenhuma
Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
In the Linux kernel, the following vulnerability has been resolved:
6lowpan: fix off-by-one in multicast context address compression
The second memcpy in lowpan iphc mcast ctx addr compress() uses
&data[1] as destination and &ipaddr->s6 addr[11] as source, but
both should be offset by one: &data[2] and &ipaddr->s6 addr[12]
respectively.
This off-by-one has two consequences:
- data[1] is overwritten with s6 addr[11], corrupting the RIID field in the compressed multicast address
- data[5] is never written, so uninitialized kernel stack memory is transmitted over the network via lowpan push hc data(), leaking kernel stack contents
The correct inline data layout must match what the decompression
function lowpan uncompress multicast ctx daddr() expects:
data[0..1] = s6 addr[1..2] (flags/scope + RIID)
data[2..5] = s6 addr[12..15] (group ID)
Also zero-initialize the data array as a defensive measure against
similar bugs in the future.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Linux