Vulnerability-Lookup

CVE-2026-52916 (GCVE-0-2026-52916)

Vulnerability from cvelistv5 – Published: 2026-06-24 07:14 – Updated: 2026-06-24 07:14

Title

batman-adv: frag: disallow unicast fragment in fragment

Summary

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a BATADV_UNICAST_FRAG packet is received. Once all fragments are collected and the packet is reassembled, batadv_recv_frag_packet() calls batadv_batman_skb_recv() again to process the defragmented payload. A malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled payload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting). Each nesting level recurses through batadv_batman_skb_recv() without bound, growing the kernel stack until it is exhausted. Since refragmentation or fragments in fragments are not actually allowed, discard all packets which are still BATADV_UNICAST_FRAG packets after the defragmentation process.

Severity

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/0c208fa3859e3a33a…
https://git.kernel.org/stable/c/bcda4814dc6524283…
https://git.kernel.org/stable/c/aea54d0bbe156d5ab…
https://git.kernel.org/stable/c/b54e459cf86943583…
https://git.kernel.org/stable/c/5418be6c2e117bf8a…
https://git.kernel.org/stable/c/5895ad21c7059a652…
https://git.kernel.org/stable/c/7138c35c9ad39a2fc…
https://git.kernel.org/stable/c/bc62216dc8e221e37…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 610bfc6bc99bc83680d190ebc69359a05fc7f605 , < 0c208fa3859e3a33a1c38bebc41d021166e94ac8 (git) Affected: 610bfc6bc99bc83680d190ebc69359a05fc7f605 , < bcda4814dc6524283c0b958882cb963d75fe411d (git) Affected: 610bfc6bc99bc83680d190ebc69359a05fc7f605 , < aea54d0bbe156d5ab7d00d68f66149ff41f4612a (git) Affected: 610bfc6bc99bc83680d190ebc69359a05fc7f605 , < b54e459cf86943583c1aa2ee3081874e7ab1f5f3 (git) Affected: 610bfc6bc99bc83680d190ebc69359a05fc7f605 , < 5418be6c2e117bf8a316582795a8e3ff90f45e5d (git) Affected: 610bfc6bc99bc83680d190ebc69359a05fc7f605 , < 5895ad21c7059a652da83fb817510f7a1e962abf (git) Affected: 610bfc6bc99bc83680d190ebc69359a05fc7f605 , < 7138c35c9ad39a2fca6264af6b87466471f04ffc (git) Affected: 610bfc6bc99bc83680d190ebc69359a05fc7f605 , < bc62216dc8e221e3781afa14430f45208bfa9af9 (git)
Linux	Linux	Affected: 3.13 Unaffected: 0 , < 3.13 (semver) Unaffected: 5.10.258 , ≤ 5.10.* (semver) Unaffected: 5.15.209 , ≤ 5.15.* (semver) Unaffected: 6.1.175 , ≤ 6.1.* (semver) Unaffected: 6.6.142 , ≤ 6.6.* (semver) Unaffected: 6.12.92 , ≤ 6.12.* (semver) Unaffected: 6.18.34 , ≤ 6.18.* (semver) Unaffected: 7.0.11 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/batman-adv/fragmentation.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0c208fa3859e3a33a1c38bebc41d021166e94ac8",
              "status": "affected",
              "version": "610bfc6bc99bc83680d190ebc69359a05fc7f605",
              "versionType": "git"
            },
            {
              "lessThan": "bcda4814dc6524283c0b958882cb963d75fe411d",
              "status": "affected",
              "version": "610bfc6bc99bc83680d190ebc69359a05fc7f605",
              "versionType": "git"
            },
            {
              "lessThan": "aea54d0bbe156d5ab7d00d68f66149ff41f4612a",
              "status": "affected",
              "version": "610bfc6bc99bc83680d190ebc69359a05fc7f605",
              "versionType": "git"
            },
            {
              "lessThan": "b54e459cf86943583c1aa2ee3081874e7ab1f5f3",
              "status": "affected",
              "version": "610bfc6bc99bc83680d190ebc69359a05fc7f605",
              "versionType": "git"
            },
            {
              "lessThan": "5418be6c2e117bf8a316582795a8e3ff90f45e5d",
              "status": "affected",
              "version": "610bfc6bc99bc83680d190ebc69359a05fc7f605",
              "versionType": "git"
            },
            {
              "lessThan": "5895ad21c7059a652da83fb817510f7a1e962abf",
              "status": "affected",
              "version": "610bfc6bc99bc83680d190ebc69359a05fc7f605",
              "versionType": "git"
            },
            {
              "lessThan": "7138c35c9ad39a2fca6264af6b87466471f04ffc",
              "status": "affected",
              "version": "610bfc6bc99bc83680d190ebc69359a05fc7f605",
              "versionType": "git"
            },
            {
              "lessThan": "bc62216dc8e221e3781afa14430f45208bfa9af9",
              "status": "affected",
              "version": "610bfc6bc99bc83680d190ebc69359a05fc7f605",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/batman-adv/fragmentation.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.258",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.209",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.175",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.258",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.209",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.175",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.142",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.92",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.34",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.11",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: frag: disallow unicast fragment in fragment\n\nbatadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a\nBATADV_UNICAST_FRAG packet is received. Once all fragments are collected\nand the packet is reassembled, batadv_recv_frag_packet() calls\nbatadv_batman_skb_recv() again to process the defragmented payload.\n\nA malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled\npayload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting).\nEach nesting level recurses through batadv_batman_skb_recv() without bound,\ngrowing the kernel stack until it is exhausted.\n\nSince refragmentation or fragments in fragments are not actually allowed,\ndiscard all packets which are still BATADV_UNICAST_FRAG packets after the\ndefragmentation process."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-24T07:14:13.221Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0c208fa3859e3a33a1c38bebc41d021166e94ac8"
        },
        {
          "url": "https://git.kernel.org/stable/c/bcda4814dc6524283c0b958882cb963d75fe411d"
        },
        {
          "url": "https://git.kernel.org/stable/c/aea54d0bbe156d5ab7d00d68f66149ff41f4612a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b54e459cf86943583c1aa2ee3081874e7ab1f5f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/5418be6c2e117bf8a316582795a8e3ff90f45e5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5895ad21c7059a652da83fb817510f7a1e962abf"
        },
        {
          "url": "https://git.kernel.org/stable/c/7138c35c9ad39a2fca6264af6b87466471f04ffc"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc62216dc8e221e3781afa14430f45208bfa9af9"
        }
      ],
      "title": "batman-adv: frag: disallow unicast fragment in fragment",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-52916",
    "datePublished": "2026-06-24T07:14:13.221Z",
    "dateReserved": "2026-06-09T07:44:35.367Z",
    "dateUpdated": "2026-06-24T07:14:13.221Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-52916",
      "date": "2026-06-29",
      "epss": "0.00177",
      "percentile": "0.0745"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-52916\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-24T08:16:21.463\",\"lastModified\":\"2026-06-24T08:16:21.463\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbatman-adv: frag: disallow unicast fragment in fragment\\n\\nbatadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a\\nBATADV_UNICAST_FRAG packet is received. Once all fragments are collected\\nand the packet is reassembled, batadv_recv_frag_packet() calls\\nbatadv_batman_skb_recv() again to process the defragmented payload.\\n\\nA malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled\\npayload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting).\\nEach nesting level recurses through batadv_batman_skb_recv() without bound,\\ngrowing the kernel stack until it is exhausted.\\n\\nSince refragmentation or fragments in fragments are not actually allowed,\\ndiscard all packets which are still BATADV_UNICAST_FRAG packets after the\\ndefragmentation process.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"net/batman-adv/fragmentation.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"610bfc6bc99bc83680d190ebc69359a05fc7f605\",\"lessThan\":\"0c208fa3859e3a33a1c38bebc41d021166e94ac8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"610bfc6bc99bc83680d190ebc69359a05fc7f605\",\"lessThan\":\"bcda4814dc6524283c0b958882cb963d75fe411d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"610bfc6bc99bc83680d190ebc69359a05fc7f605\",\"lessThan\":\"aea54d0bbe156d5ab7d00d68f66149ff41f4612a\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"610bfc6bc99bc83680d190ebc69359a05fc7f605\",\"lessThan\":\"b54e459cf86943583c1aa2ee3081874e7ab1f5f3\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"610bfc6bc99bc83680d190ebc69359a05fc7f605\",\"lessThan\":\"5418be6c2e117bf8a316582795a8e3ff90f45e5d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"610bfc6bc99bc83680d190ebc69359a05fc7f605\",\"lessThan\":\"5895ad21c7059a652da83fb817510f7a1e962abf\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"610bfc6bc99bc83680d190ebc69359a05fc7f605\",\"lessThan\":\"7138c35c9ad39a2fca6264af6b87466471f04ffc\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"610bfc6bc99bc83680d190ebc69359a05fc7f605\",\"lessThan\":\"bc62216dc8e221e3781afa14430f45208bfa9af9\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"net/batman-adv/fragmentation.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"3.13\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"3.13\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.258\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.209\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.175\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.142\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.92\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.34\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.11\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0c208fa3859e3a33a1c38bebc41d021166e94ac8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5418be6c2e117bf8a316582795a8e3ff90f45e5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5895ad21c7059a652da83fb817510f7a1e962abf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7138c35c9ad39a2fca6264af6b87466471f04ffc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aea54d0bbe156d5ab7d00d68f66149ff41f4612a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b54e459cf86943583c1aa2ee3081874e7ab1f5f3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bc62216dc8e221e3781afa14430f45208bfa9af9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bcda4814dc6524283c0b958882cb963d75fe411d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

CERTFR-2026-AVI-0812

Vulnerability from certfr_avis - Published: 2026-06-29 - Updated: 2026-06-29

De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Azure Linux	azl3 libssh2 1.11.1-2 versions antérieures à 1.11.1-3
Microsoft	Azure Linux	azl3 libssh2 1.11.1-3 versions antérieures à 1.11.1-3
Microsoft	Azure Linux	azl3 nodejs 24.14.1-3 versions antérieures à 24.17.0-1
Microsoft	Azure Linux	azl3 kernel 6.6.141.1-1 versions antérieures à 6.6.143.1-1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-53215	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53209	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52912	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-9697	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53080	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53247	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53218	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53221	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53255	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52926	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52916	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52924	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53239	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53254	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-9675	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52930	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52941	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53236	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53176	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52942	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53268	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53266	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53160	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53148	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53270	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53217	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52934	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53253	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52943	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53227	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53182	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53230	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53186	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53184	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53161	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52923	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53237	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53213	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52947	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53245	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52922	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53159	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53150	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53275	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53133	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53264	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53267	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53265	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53196	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53219	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53149	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53242	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53146	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53252	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53194	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52919	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52931	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52921	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53181	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53154	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52913	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53135	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53183	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53249	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53228	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53147	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53143	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53158	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52915	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53238	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53263	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53207	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53225	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53214	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-55200	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53177	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53199	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52927	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53274	2026-06-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 libssh2 1.11.1-2 versions ant\u00e9rieures \u00e0 1.11.1-3",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libssh2 1.11.1-3 versions ant\u00e9rieures \u00e0 1.11.1-3",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 nodejs 24.14.1-3 versions ant\u00e9rieures \u00e0 24.17.0-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.141.1-1 versions ant\u00e9rieures \u00e0 6.6.143.1-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-9697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
    },
    {
      "name": "CVE-2026-53230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53230"
    },
    {
      "name": "CVE-2026-52934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52934"
    },
    {
      "name": "CVE-2026-53214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53214"
    },
    {
      "name": "CVE-2026-53274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53274"
    },
    {
      "name": "CVE-2026-52947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52947"
    },
    {
      "name": "CVE-2026-53218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53218"
    },
    {
      "name": "CVE-2026-53143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53143"
    },
    {
      "name": "CVE-2026-53161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53161"
    },
    {
      "name": "CVE-2026-52924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52924"
    },
    {
      "name": "CVE-2026-53227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53227"
    },
    {
      "name": "CVE-2026-53239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53239"
    },
    {
      "name": "CVE-2026-53181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53181"
    },
    {
      "name": "CVE-2026-52943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52943"
    },
    {
      "name": "CVE-2026-52915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52915"
    },
    {
      "name": "CVE-2026-53146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53146"
    },
    {
      "name": "CVE-2026-52913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52913"
    },
    {
      "name": "CVE-2026-52941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52941"
    },
    {
      "name": "CVE-2026-53150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53150"
    },
    {
      "name": "CVE-2026-53147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53147"
    },
    {
      "name": "CVE-2026-52942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52942"
    },
    {
      "name": "CVE-2026-53183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53183"
    },
    {
      "name": "CVE-2026-52931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52931"
    },
    {
      "name": "CVE-2026-52919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52919"
    },
    {
      "name": "CVE-2026-53266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53266"
    },
    {
      "name": "CVE-2026-53149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53149"
    },
    {
      "name": "CVE-2026-53176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53176"
    },
    {
      "name": "CVE-2026-53158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53158"
    },
    {
      "name": "CVE-2026-53219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53219"
    },
    {
      "name": "CVE-2026-53249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53249"
    },
    {
      "name": "CVE-2026-53217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53217"
    },
    {
      "name": "CVE-2026-52916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52916"
    },
    {
      "name": "CVE-2026-53236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53236"
    },
    {
      "name": "CVE-2026-53225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53225"
    },
    {
      "name": "CVE-2026-52922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52922"
    },
    {
      "name": "CVE-2026-53209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53209"
    },
    {
      "name": "CVE-2026-53135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53135"
    },
    {
      "name": "CVE-2026-52927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52927"
    },
    {
      "name": "CVE-2026-53237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53237"
    },
    {
      "name": "CVE-2026-53186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53186"
    },
    {
      "name": "CVE-2026-53182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53182"
    },
    {
      "name": "CVE-2026-53177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53177"
    },
    {
      "name": "CVE-2026-53255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53255"
    },
    {
      "name": "CVE-2026-53207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53207"
    },
    {
      "name": "CVE-2026-53160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53160"
    },
    {
      "name": "CVE-2026-53245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53245"
    },
    {
      "name": "CVE-2026-53148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53148"
    },
    {
      "name": "CVE-2026-53133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53133"
    },
    {
      "name": "CVE-2026-53263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53263"
    },
    {
      "name": "CVE-2026-53228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53228"
    },
    {
      "name": "CVE-2026-53194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53194"
    },
    {
      "name": "CVE-2026-53242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53242"
    },
    {
      "name": "CVE-2026-53199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53199"
    },
    {
      "name": "CVE-2026-53247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53247"
    },
    {
      "name": "CVE-2026-53268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53268"
    },
    {
      "name": "CVE-2026-53159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53159"
    },
    {
      "name": "CVE-2026-9675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
    },
    {
      "name": "CVE-2026-53080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53080"
    },
    {
      "name": "CVE-2026-53267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53267"
    },
    {
      "name": "CVE-2026-52912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52912"
    },
    {
      "name": "CVE-2026-53221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53221"
    },
    {
      "name": "CVE-2026-53275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53275"
    },
    {
      "name": "CVE-2026-55200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-55200"
    },
    {
      "name": "CVE-2026-53215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53215"
    },
    {
      "name": "CVE-2026-53253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53253"
    },
    {
      "name": "CVE-2026-53252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53252"
    },
    {
      "name": "CVE-2026-53270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53270"
    },
    {
      "name": "CVE-2026-53264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53264"
    },
    {
      "name": "CVE-2026-53184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53184"
    },
    {
      "name": "CVE-2026-53254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53254"
    },
    {
      "name": "CVE-2026-53238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53238"
    },
    {
      "name": "CVE-2026-52921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52921"
    },
    {
      "name": "CVE-2026-53213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53213"
    },
    {
      "name": "CVE-2026-52930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52930"
    },
    {
      "name": "CVE-2026-53265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53265"
    },
    {
      "name": "CVE-2026-52923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52923"
    },
    {
      "name": "CVE-2026-53154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53154"
    },
    {
      "name": "CVE-2026-53196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53196"
    },
    {
      "name": "CVE-2026-52926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52926"
    }
  ],
  "initial_release_date": "2026-06-29T00:00:00",
  "last_revision_date": "2026-06-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0812",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux",
  "vendor_advisories": [
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53215"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53209"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52912",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52912"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9697",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9697"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53080",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53080"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53247",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53247"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53218"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53221",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53221"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53255",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53255"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52926",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52926"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52916",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52916"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52924",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52924"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53239",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53239"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53254",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53254"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9675",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9675"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52930",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52930"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52941",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52941"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53236",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53236"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53176",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53176"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52942",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52942"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53268",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53268"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53266",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53266"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53160",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53160"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53148",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53148"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53270",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53270"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53217",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53217"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52934",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52934"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53253",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53253"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52943",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52943"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53227",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53227"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53182",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53182"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53230",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53230"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53186",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53186"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53184",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53184"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53161",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53161"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52923",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52923"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53237",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53237"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53213",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53213"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52947",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52947"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53245",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53245"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52922",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52922"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53159",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53159"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53150",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53150"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53275",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53275"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53133",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53133"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53264",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53264"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53267"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53265",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53265"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53196",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53196"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53219"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53149",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53149"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53242",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53242"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53146",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53146"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53252",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53252"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53194",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53194"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52919",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52919"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52931",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52931"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52921",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52921"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53181",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53181"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53154",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53154"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52913",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52913"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53135",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53135"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53183",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53183"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53249",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53249"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53228",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53228"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53147",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53147"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53143",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53143"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53158",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53158"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52915",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52915"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53238",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53238"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53263",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53263"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53207",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53207"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53225",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53225"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53214",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53214"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-55200",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55200"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53177",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53177"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53199",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53199"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52927",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52927"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53274",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53274"
    }
  ]
}

GHSA-7CG4-79F4-7W2G

Vulnerability from github – Published: 2026-06-24 09:30 – Updated: 2026-06-24 09:30

Details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: frag: disallow unicast fragment in fragment

batadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a BATADV_UNICAST_FRAG packet is received. Once all fragments are collected and the packet is reassembled, batadv_recv_frag_packet() calls batadv_batman_skb_recv() again to process the defragmented payload.

A malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled payload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting). Each nesting level recurses through batadv_batman_skb_recv() without bound, growing the kernel stack until it is exhausted.

Since refragmentation or fragments in fragments are not actually allowed, discard all packets which are still BATADV_UNICAST_FRAG packets after the defragmentation process.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-52916"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T08:16:21Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: frag: disallow unicast fragment in fragment\n\nbatadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a\nBATADV_UNICAST_FRAG packet is received. Once all fragments are collected\nand the packet is reassembled, batadv_recv_frag_packet() calls\nbatadv_batman_skb_recv() again to process the defragmented payload.\n\nA malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled\npayload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting).\nEach nesting level recurses through batadv_batman_skb_recv() without bound,\ngrowing the kernel stack until it is exhausted.\n\nSince refragmentation or fragments in fragments are not actually allowed,\ndiscard all packets which are still BATADV_UNICAST_FRAG packets after the\ndefragmentation process.",
  "id": "GHSA-7cg4-79f4-7w2g",
  "modified": "2026-06-24T09:30:48Z",
  "published": "2026-06-24T09:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52916"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c208fa3859e3a33a1c38bebc41d021166e94ac8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5418be6c2e117bf8a316582795a8e3ff90f45e5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5895ad21c7059a652da83fb817510f7a1e962abf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7138c35c9ad39a2fca6264af6b87466471f04ffc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aea54d0bbe156d5ab7d00d68f66149ff41f4612a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b54e459cf86943583c1aa2ee3081874e7ab1f5f3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc62216dc8e221e3781afa14430f45208bfa9af9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bcda4814dc6524283c0b958882cb963d75fe411d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

MSRC_CVE-2026-52916

Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-28 02:03

Summary

batman-adv: frag: disallow unicast fragment in fragment

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-52916

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 21443-17084		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-52916 batman-adv: frag: disallow unicast fragment in fragment - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-52916.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "batman-adv: frag: disallow unicast fragment in fragment",
    "tracking": {
      "current_release_date": "2026-06-28T02:03:31.000Z",
      "generator": {
        "date": "2026-06-28T07:10:57.240Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-52916",
      "initial_release_date": "2026-06-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-06-27T01:08:53.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-06-28T02:03:31.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3",
                "product": {
                  "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 kernel 0:6.6.141.1-1.azl3",
                "product": {
                  "name": "azl3 kernel 0:6.6.141.1-1.azl3",
                  "product_id": "21443"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 0:6.6.141.1-1.azl3 as a component of Azure Linux 3.0",
          "product_id": "21443-17084"
        },
        "product_reference": "21443",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-52916",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "21443-17084"
        ],
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-52916 batman-adv: frag: disallow unicast fragment in fragment - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-52916.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-27T01:08:53.000Z",
          "details": "0:6.6.143.1-1.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "batman-adv: frag: disallow unicast fragment in fragment"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-52916 (GCVE-0-2026-52916)

CERTFR-2026-AVI-0812

Solutions

GHSA-7CG4-79F4-7W2G

MSRC_CVE-2026-52916

Tags

Sightings

Nomenclature