Vulnerability-Lookup

CVE-2026-52924 (GCVE-0-2026-52924)

Vulnerability from cvelistv5 – Published: 2026-06-24 07:14 – Updated: 2026-06-28 06:36

Title

sctp: purge outqueue on stale COOKIE-ECHO handling

Summary

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctp_stream_update() is only invoked when the association is moved into COOKIE_WAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state (stream->out_curr) is expected to be clean, since no user data should have been transmitted yet unless the state machine has already partially progressed. However, a corner case exists in sctp_sf_do_5_2_6_stale(): when a Stale Cookie ERROR is received, the association is rolled back from COOKIE_ECHOED to COOKIE_WAIT. In this scenario, user data may already have been queued and even bundled with the COOKIE-ECHO chunk. During the rollback, sctp_stream_update() frees the old stream table and installs a new one, but it does not invalidate stream->out_curr. As a result, out_curr may still point to a freed sctp_stream_out entry from the previous stream state. Later, SCTP scheduler dequeue paths (FCFS, RR, PRIO, etc.) rely on stream->out_curr->ext, which can lead to use-after-free once the old stream state has been released via sctp_stream_free(). This results in crashes such as (reported by Yuqi): BUG: KASAN: slab-use-after-free in sctp_sched_fcfs_dequeue+0x13a/0x140 Read of size 8 at addr ff1100004d4d3208 by task mini_poc/9312 CPU: 1 UID: 1001 PID: 9312 Comm: mini_poc Not tainted 7.1.0-rc1-00305-gbd3a4795d574 #5 PREEMPT(full) sctp_sched_fcfs_dequeue+0x13a/0x140 sctp_outq_flush+0x1603/0x33e0 sctp_do_sm+0x31c9/0x5d30 sctp_assoc_bh_rcv+0x392/0x6f0 sctp_inq_push+0x1db/0x270 sctp_rcv+0x138d/0x3c10 Fix this by fully purging the association outqueue when handling the Stale Cookie case. This ensures all pending transmit and retransmit state is dropped, and any scheduler cached pointers are invalidated, making it safe to rebuild stream state during COOKIE_WAIT restart. Updating only stream->out_curr would be insufficient, since queued and retransmittable data would still reference the old stream state and trigger later use-after-free in dequeue paths.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/84b7a319105db2f91…
https://git.kernel.org/stable/c/f46e1d1a758878f0d…
https://git.kernel.org/stable/c/3c0741a441a7df709…
https://git.kernel.org/stable/c/2afc9e684dc7fecf7…
https://git.kernel.org/stable/c/1d4652f677906a644…
https://git.kernel.org/stable/c/a6207349e703cfc04…
https://git.kernel.org/stable/c/83ade59e5da365f4b…
https://git.kernel.org/stable/c/e374b22e9b07b72a2…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 , < 84b7a319105db2f917ccdcf502bdc866082b1285 (git) Affected: 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 , < f46e1d1a758878f0d22c4fbbd1bf42bb7165d1e8 (git) Affected: 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 , < 3c0741a441a7df7099d7ca6a64a6a0de09c677c8 (git) Affected: 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 , < 2afc9e684dc7fecf73db1edc937ebbc47b4b68dc (git) Affected: 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 , < 1d4652f677906a64487c13f9ace54b0eb263b5d0 (git) Affected: 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 , < a6207349e703cfc04756a4d16dec9176135813a5 (git) Affected: 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 , < 83ade59e5da365f4bf8bce72c5a38774202b442f (git) Affected: 5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 , < e374b22e9b07b72a25909621464ff74096151bfb (git)
Linux	Linux	Affected: 4.15 Unaffected: 0 , < 4.15 (semver) Unaffected: 5.10.259 , ≤ 5.10.* (semver) Unaffected: 5.15.210 , ≤ 5.15.* (semver) Unaffected: 6.1.176 , ≤ 6.1.* (semver) Unaffected: 6.6.143 , ≤ 6.6.* (semver) Unaffected: 6.12.94 , ≤ 6.12.* (semver) Unaffected: 6.18.36 , ≤ 6.18.* (semver) Unaffected: 7.0.13 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sm_statefuns.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "84b7a319105db2f917ccdcf502bdc866082b1285",
              "status": "affected",
              "version": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51",
              "versionType": "git"
            },
            {
              "lessThan": "f46e1d1a758878f0d22c4fbbd1bf42bb7165d1e8",
              "status": "affected",
              "version": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51",
              "versionType": "git"
            },
            {
              "lessThan": "3c0741a441a7df7099d7ca6a64a6a0de09c677c8",
              "status": "affected",
              "version": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51",
              "versionType": "git"
            },
            {
              "lessThan": "2afc9e684dc7fecf73db1edc937ebbc47b4b68dc",
              "status": "affected",
              "version": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51",
              "versionType": "git"
            },
            {
              "lessThan": "1d4652f677906a64487c13f9ace54b0eb263b5d0",
              "status": "affected",
              "version": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51",
              "versionType": "git"
            },
            {
              "lessThan": "a6207349e703cfc04756a4d16dec9176135813a5",
              "status": "affected",
              "version": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51",
              "versionType": "git"
            },
            {
              "lessThan": "83ade59e5da365f4bf8bce72c5a38774202b442f",
              "status": "affected",
              "version": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51",
              "versionType": "git"
            },
            {
              "lessThan": "e374b22e9b07b72a25909621464ff74096151bfb",
              "status": "affected",
              "version": "5bbbbe32a43199c2b9ea5ea66fab6241c64beb51",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sm_statefuns.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.259",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.143",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.259",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.210",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.176",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.143",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.94",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.36",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.13",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: purge outqueue on stale COOKIE-ECHO handling\n\nsctp_stream_update() is only invoked when the association is moved into\nCOOKIE_WAIT during association setup/reconfiguration. In this path, the\noutbound stream scheduler state (stream-\u003eout_curr) is expected to be\nclean, since no user data should have been transmitted yet unless the\nstate machine has already partially progressed.\n\nHowever, a corner case exists in sctp_sf_do_5_2_6_stale(): when a\nStale Cookie ERROR is received, the association is rolled back from\nCOOKIE_ECHOED to COOKIE_WAIT. In this scenario, user data may already\nhave been queued and even bundled with the COOKIE-ECHO chunk.\n\nDuring the rollback, sctp_stream_update() frees the old stream table\nand installs a new one, but it does not invalidate stream-\u003eout_curr.\nAs a result, out_curr may still point to a freed sctp_stream_out\nentry from the previous stream state.\n\nLater, SCTP scheduler dequeue paths (FCFS, RR, PRIO, etc.) rely on\nstream-\u003eout_curr-\u003eext, which can lead to use-after-free once the old\nstream state has been released via sctp_stream_free().\n\nThis results in crashes such as (reported by Yuqi):\n\n  BUG: KASAN: slab-use-after-free in sctp_sched_fcfs_dequeue+0x13a/0x140\n  Read of size 8 at addr ff1100004d4d3208 by task mini_poc/9312\n  CPU: 1 UID: 1001 PID: 9312 Comm: mini_poc Not tainted\n     7.1.0-rc1-00305-gbd3a4795d574 #5 PREEMPT(full)\n   sctp_sched_fcfs_dequeue+0x13a/0x140\n   sctp_outq_flush+0x1603/0x33e0\n   sctp_do_sm+0x31c9/0x5d30\n   sctp_assoc_bh_rcv+0x392/0x6f0\n   sctp_inq_push+0x1db/0x270\n   sctp_rcv+0x138d/0x3c10\n\nFix this by fully purging the association outqueue when handling the\nStale Cookie case. This ensures all pending transmit and retransmit\nstate is dropped, and any scheduler cached pointers are invalidated,\nmaking it safe to rebuild stream state during COOKIE_WAIT restart.\n\nUpdating only stream-\u003eout_curr would be insufficient, since queued\nand retransmittable data would still reference the old stream state and\ntrigger later use-after-free in dequeue paths."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-28T06:36:46.646Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/84b7a319105db2f917ccdcf502bdc866082b1285"
        },
        {
          "url": "https://git.kernel.org/stable/c/f46e1d1a758878f0d22c4fbbd1bf42bb7165d1e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c0741a441a7df7099d7ca6a64a6a0de09c677c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/2afc9e684dc7fecf73db1edc937ebbc47b4b68dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d4652f677906a64487c13f9ace54b0eb263b5d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6207349e703cfc04756a4d16dec9176135813a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/83ade59e5da365f4bf8bce72c5a38774202b442f"
        },
        {
          "url": "https://git.kernel.org/stable/c/e374b22e9b07b72a25909621464ff74096151bfb"
        }
      ],
      "title": "sctp: purge outqueue on stale COOKIE-ECHO handling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-52924",
    "datePublished": "2026-06-24T07:14:18.646Z",
    "dateReserved": "2026-06-09T07:44:35.368Z",
    "dateUpdated": "2026-06-28T06:36:46.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-52924",
      "date": "2026-06-29",
      "epss": "0.00393",
      "percentile": "0.31099"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-52924\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-24T08:16:22.430\",\"lastModified\":\"2026-06-28T08:16:24.060\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nsctp: purge outqueue on stale COOKIE-ECHO handling\\n\\nsctp_stream_update() is only invoked when the association is moved into\\nCOOKIE_WAIT during association setup/reconfiguration. In this path, the\\noutbound stream scheduler state (stream-\u003eout_curr) is expected to be\\nclean, since no user data should have been transmitted yet unless the\\nstate machine has already partially progressed.\\n\\nHowever, a corner case exists in sctp_sf_do_5_2_6_stale(): when a\\nStale Cookie ERROR is received, the association is rolled back from\\nCOOKIE_ECHOED to COOKIE_WAIT. In this scenario, user data may already\\nhave been queued and even bundled with the COOKIE-ECHO chunk.\\n\\nDuring the rollback, sctp_stream_update() frees the old stream table\\nand installs a new one, but it does not invalidate stream-\u003eout_curr.\\nAs a result, out_curr may still point to a freed sctp_stream_out\\nentry from the previous stream state.\\n\\nLater, SCTP scheduler dequeue paths (FCFS, RR, PRIO, etc.) rely on\\nstream-\u003eout_curr-\u003eext, which can lead to use-after-free once the old\\nstream state has been released via sctp_stream_free().\\n\\nThis results in crashes such as (reported by Yuqi):\\n\\n  BUG: KASAN: slab-use-after-free in sctp_sched_fcfs_dequeue+0x13a/0x140\\n  Read of size 8 at addr ff1100004d4d3208 by task mini_poc/9312\\n  CPU: 1 UID: 1001 PID: 9312 Comm: mini_poc Not tainted\\n     7.1.0-rc1-00305-gbd3a4795d574 #5 PREEMPT(full)\\n   sctp_sched_fcfs_dequeue+0x13a/0x140\\n   sctp_outq_flush+0x1603/0x33e0\\n   sctp_do_sm+0x31c9/0x5d30\\n   sctp_assoc_bh_rcv+0x392/0x6f0\\n   sctp_inq_push+0x1db/0x270\\n   sctp_rcv+0x138d/0x3c10\\n\\nFix this by fully purging the association outqueue when handling the\\nStale Cookie case. This ensures all pending transmit and retransmit\\nstate is dropped, and any scheduler cached pointers are invalidated,\\nmaking it safe to rebuild stream state during COOKIE_WAIT restart.\\n\\nUpdating only stream-\u003eout_curr would be insufficient, since queued\\nand retransmittable data would still reference the old stream state and\\ntrigger later use-after-free in dequeue paths.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"net/sctp/sm_statefuns.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51\",\"lessThan\":\"84b7a319105db2f917ccdcf502bdc866082b1285\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51\",\"lessThan\":\"f46e1d1a758878f0d22c4fbbd1bf42bb7165d1e8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51\",\"lessThan\":\"3c0741a441a7df7099d7ca6a64a6a0de09c677c8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51\",\"lessThan\":\"2afc9e684dc7fecf73db1edc937ebbc47b4b68dc\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51\",\"lessThan\":\"1d4652f677906a64487c13f9ace54b0eb263b5d0\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51\",\"lessThan\":\"a6207349e703cfc04756a4d16dec9176135813a5\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51\",\"lessThan\":\"83ade59e5da365f4bf8bce72c5a38774202b442f\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"5bbbbe32a43199c2b9ea5ea66fab6241c64beb51\",\"lessThan\":\"e374b22e9b07b72a25909621464ff74096151bfb\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"net/sctp/sm_statefuns.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"4.15\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"4.15\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.259\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.210\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.176\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.143\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.94\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.36\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.13\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1d4652f677906a64487c13f9ace54b0eb263b5d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2afc9e684dc7fecf73db1edc937ebbc47b4b68dc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3c0741a441a7df7099d7ca6a64a6a0de09c677c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/83ade59e5da365f4bf8bce72c5a38774202b442f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/84b7a319105db2f917ccdcf502bdc866082b1285\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a6207349e703cfc04756a4d16dec9176135813a5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e374b22e9b07b72a25909621464ff74096151bfb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f46e1d1a758878f0d22c4fbbd1bf42bb7165d1e8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

CERTFR-2026-AVI-0812

Vulnerability from certfr_avis - Published: 2026-06-29 - Updated: 2026-06-29

De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Azure Linux	azl3 libssh2 1.11.1-2 versions antérieures à 1.11.1-3
Microsoft	Azure Linux	azl3 libssh2 1.11.1-3 versions antérieures à 1.11.1-3
Microsoft	Azure Linux	azl3 nodejs 24.14.1-3 versions antérieures à 24.17.0-1
Microsoft	Azure Linux	azl3 kernel 6.6.141.1-1 versions antérieures à 6.6.143.1-1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-53215	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53209	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52912	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-9697	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53080	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53247	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53218	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53221	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53255	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52926	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52916	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52924	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53239	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53254	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-9675	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52930	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52941	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53236	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53176	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52942	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53268	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53266	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53160	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53148	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53270	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53217	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52934	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53253	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52943	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53227	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53182	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53230	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53186	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53184	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53161	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52923	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53237	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53213	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52947	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53245	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52922	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53159	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53150	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53275	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53133	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53264	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53267	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53265	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53196	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53219	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53149	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53242	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53146	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53252	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53194	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52919	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52931	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52921	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53181	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53154	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52913	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53135	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53183	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53249	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53228	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53147	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53143	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53158	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52915	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53238	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53263	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53207	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53225	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53214	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-55200	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53177	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53199	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52927	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53274	2026-06-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 libssh2 1.11.1-2 versions ant\u00e9rieures \u00e0 1.11.1-3",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libssh2 1.11.1-3 versions ant\u00e9rieures \u00e0 1.11.1-3",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 nodejs 24.14.1-3 versions ant\u00e9rieures \u00e0 24.17.0-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.141.1-1 versions ant\u00e9rieures \u00e0 6.6.143.1-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-9697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
    },
    {
      "name": "CVE-2026-53230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53230"
    },
    {
      "name": "CVE-2026-52934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52934"
    },
    {
      "name": "CVE-2026-53214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53214"
    },
    {
      "name": "CVE-2026-53274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53274"
    },
    {
      "name": "CVE-2026-52947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52947"
    },
    {
      "name": "CVE-2026-53218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53218"
    },
    {
      "name": "CVE-2026-53143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53143"
    },
    {
      "name": "CVE-2026-53161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53161"
    },
    {
      "name": "CVE-2026-52924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52924"
    },
    {
      "name": "CVE-2026-53227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53227"
    },
    {
      "name": "CVE-2026-53239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53239"
    },
    {
      "name": "CVE-2026-53181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53181"
    },
    {
      "name": "CVE-2026-52943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52943"
    },
    {
      "name": "CVE-2026-52915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52915"
    },
    {
      "name": "CVE-2026-53146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53146"
    },
    {
      "name": "CVE-2026-52913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52913"
    },
    {
      "name": "CVE-2026-52941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52941"
    },
    {
      "name": "CVE-2026-53150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53150"
    },
    {
      "name": "CVE-2026-53147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53147"
    },
    {
      "name": "CVE-2026-52942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52942"
    },
    {
      "name": "CVE-2026-53183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53183"
    },
    {
      "name": "CVE-2026-52931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52931"
    },
    {
      "name": "CVE-2026-52919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52919"
    },
    {
      "name": "CVE-2026-53266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53266"
    },
    {
      "name": "CVE-2026-53149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53149"
    },
    {
      "name": "CVE-2026-53176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53176"
    },
    {
      "name": "CVE-2026-53158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53158"
    },
    {
      "name": "CVE-2026-53219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53219"
    },
    {
      "name": "CVE-2026-53249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53249"
    },
    {
      "name": "CVE-2026-53217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53217"
    },
    {
      "name": "CVE-2026-52916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52916"
    },
    {
      "name": "CVE-2026-53236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53236"
    },
    {
      "name": "CVE-2026-53225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53225"
    },
    {
      "name": "CVE-2026-52922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52922"
    },
    {
      "name": "CVE-2026-53209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53209"
    },
    {
      "name": "CVE-2026-53135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53135"
    },
    {
      "name": "CVE-2026-52927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52927"
    },
    {
      "name": "CVE-2026-53237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53237"
    },
    {
      "name": "CVE-2026-53186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53186"
    },
    {
      "name": "CVE-2026-53182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53182"
    },
    {
      "name": "CVE-2026-53177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53177"
    },
    {
      "name": "CVE-2026-53255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53255"
    },
    {
      "name": "CVE-2026-53207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53207"
    },
    {
      "name": "CVE-2026-53160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53160"
    },
    {
      "name": "CVE-2026-53245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53245"
    },
    {
      "name": "CVE-2026-53148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53148"
    },
    {
      "name": "CVE-2026-53133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53133"
    },
    {
      "name": "CVE-2026-53263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53263"
    },
    {
      "name": "CVE-2026-53228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53228"
    },
    {
      "name": "CVE-2026-53194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53194"
    },
    {
      "name": "CVE-2026-53242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53242"
    },
    {
      "name": "CVE-2026-53199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53199"
    },
    {
      "name": "CVE-2026-53247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53247"
    },
    {
      "name": "CVE-2026-53268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53268"
    },
    {
      "name": "CVE-2026-53159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53159"
    },
    {
      "name": "CVE-2026-9675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
    },
    {
      "name": "CVE-2026-53080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53080"
    },
    {
      "name": "CVE-2026-53267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53267"
    },
    {
      "name": "CVE-2026-52912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52912"
    },
    {
      "name": "CVE-2026-53221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53221"
    },
    {
      "name": "CVE-2026-53275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53275"
    },
    {
      "name": "CVE-2026-55200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-55200"
    },
    {
      "name": "CVE-2026-53215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53215"
    },
    {
      "name": "CVE-2026-53253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53253"
    },
    {
      "name": "CVE-2026-53252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53252"
    },
    {
      "name": "CVE-2026-53270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53270"
    },
    {
      "name": "CVE-2026-53264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53264"
    },
    {
      "name": "CVE-2026-53184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53184"
    },
    {
      "name": "CVE-2026-53254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53254"
    },
    {
      "name": "CVE-2026-53238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53238"
    },
    {
      "name": "CVE-2026-52921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52921"
    },
    {
      "name": "CVE-2026-53213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53213"
    },
    {
      "name": "CVE-2026-52930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52930"
    },
    {
      "name": "CVE-2026-53265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53265"
    },
    {
      "name": "CVE-2026-52923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52923"
    },
    {
      "name": "CVE-2026-53154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53154"
    },
    {
      "name": "CVE-2026-53196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53196"
    },
    {
      "name": "CVE-2026-52926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52926"
    }
  ],
  "initial_release_date": "2026-06-29T00:00:00",
  "last_revision_date": "2026-06-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0812",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux",
  "vendor_advisories": [
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53215"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53209"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52912",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52912"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9697",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9697"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53080",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53080"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53247",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53247"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53218"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53221",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53221"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53255",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53255"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52926",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52926"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52916",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52916"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52924",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52924"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53239",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53239"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53254",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53254"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9675",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9675"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52930",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52930"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52941",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52941"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53236",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53236"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53176",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53176"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52942",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52942"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53268",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53268"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53266",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53266"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53160",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53160"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53148",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53148"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53270",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53270"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53217",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53217"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52934",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52934"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53253",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53253"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52943",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52943"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53227",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53227"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53182",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53182"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53230",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53230"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53186",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53186"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53184",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53184"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53161",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53161"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52923",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52923"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53237",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53237"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53213",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53213"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52947",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52947"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53245",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53245"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52922",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52922"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53159",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53159"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53150",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53150"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53275",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53275"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53133",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53133"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53264",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53264"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53267"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53265",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53265"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53196",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53196"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53219"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53149",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53149"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53242",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53242"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53146",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53146"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53252",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53252"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53194",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53194"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52919",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52919"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52931",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52931"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52921",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52921"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53181",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53181"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53154",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53154"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52913",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52913"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53135",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53135"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53183",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53183"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53249",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53249"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53228",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53228"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53147",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53147"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53143",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53143"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53158",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53158"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52915",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52915"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53238",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53238"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53263",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53263"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53207",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53207"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53225",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53225"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53214",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53214"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-55200",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55200"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53177",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53177"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53199",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53199"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52927",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52927"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53274",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53274"
    }
  ]
}

GHSA-V4HW-Q98X-8JMM

Vulnerability from github – Published: 2026-06-24 09:30 – Updated: 2026-06-28 09:31

Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: purge outqueue on stale COOKIE-ECHO handling

sctp_stream_update() is only invoked when the association is moved into COOKIE_WAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state (stream->out_curr) is expected to be clean, since no user data should have been transmitted yet unless the state machine has already partially progressed.

However, a corner case exists in sctp_sf_do_5_2_6_stale(): when a Stale Cookie ERROR is received, the association is rolled back from COOKIE_ECHOED to COOKIE_WAIT. In this scenario, user data may already have been queued and even bundled with the COOKIE-ECHO chunk.

During the rollback, sctp_stream_update() frees the old stream table and installs a new one, but it does not invalidate stream->out_curr. As a result, out_curr may still point to a freed sctp_stream_out entry from the previous stream state.

Later, SCTP scheduler dequeue paths (FCFS, RR, PRIO, etc.) rely on stream->out_curr->ext, which can lead to use-after-free once the old stream state has been released via sctp_stream_free().

This results in crashes such as (reported by Yuqi):

BUG: KASAN: slab-use-after-free in sctp_sched_fcfs_dequeue+0x13a/0x140 Read of size 8 at addr ff1100004d4d3208 by task mini_poc/9312 CPU: 1 UID: 1001 PID: 9312 Comm: mini_poc Not tainted 7.1.0-rc1-00305-gbd3a4795d574 #5 PREEMPT(full) sctp_sched_fcfs_dequeue+0x13a/0x140 sctp_outq_flush+0x1603/0x33e0 sctp_do_sm+0x31c9/0x5d30 sctp_assoc_bh_rcv+0x392/0x6f0 sctp_inq_push+0x1db/0x270 sctp_rcv+0x138d/0x3c10

Fix this by fully purging the association outqueue when handling the Stale Cookie case. This ensures all pending transmit and retransmit state is dropped, and any scheduler cached pointers are invalidated, making it safe to rebuild stream state during COOKIE_WAIT restart.

Updating only stream->out_curr would be insufficient, since queued and retransmittable data would still reference the old stream state and trigger later use-after-free in dequeue paths.

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-52924"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-24T08:16:22Z",
    "severity": "CRITICAL"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: purge outqueue on stale COOKIE-ECHO handling\n\nsctp_stream_update() is only invoked when the association is moved into\nCOOKIE_WAIT during association setup/reconfiguration. In this path, the\noutbound stream scheduler state (stream-\u003eout_curr) is expected to be\nclean, since no user data should have been transmitted yet unless the\nstate machine has already partially progressed.\n\nHowever, a corner case exists in sctp_sf_do_5_2_6_stale(): when a\nStale Cookie ERROR is received, the association is rolled back from\nCOOKIE_ECHOED to COOKIE_WAIT. In this scenario, user data may already\nhave been queued and even bundled with the COOKIE-ECHO chunk.\n\nDuring the rollback, sctp_stream_update() frees the old stream table\nand installs a new one, but it does not invalidate stream-\u003eout_curr.\nAs a result, out_curr may still point to a freed sctp_stream_out\nentry from the previous stream state.\n\nLater, SCTP scheduler dequeue paths (FCFS, RR, PRIO, etc.) rely on\nstream-\u003eout_curr-\u003eext, which can lead to use-after-free once the old\nstream state has been released via sctp_stream_free().\n\nThis results in crashes such as (reported by Yuqi):\n\n  BUG: KASAN: slab-use-after-free in sctp_sched_fcfs_dequeue+0x13a/0x140\n  Read of size 8 at addr ff1100004d4d3208 by task mini_poc/9312\n  CPU: 1 UID: 1001 PID: 9312 Comm: mini_poc Not tainted\n     7.1.0-rc1-00305-gbd3a4795d574 #5 PREEMPT(full)\n   sctp_sched_fcfs_dequeue+0x13a/0x140\n   sctp_outq_flush+0x1603/0x33e0\n   sctp_do_sm+0x31c9/0x5d30\n   sctp_assoc_bh_rcv+0x392/0x6f0\n   sctp_inq_push+0x1db/0x270\n   sctp_rcv+0x138d/0x3c10\n\nFix this by fully purging the association outqueue when handling the\nStale Cookie case. This ensures all pending transmit and retransmit\nstate is dropped, and any scheduler cached pointers are invalidated,\nmaking it safe to rebuild stream state during COOKIE_WAIT restart.\n\nUpdating only stream-\u003eout_curr would be insufficient, since queued\nand retransmittable data would still reference the old stream state and\ntrigger later use-after-free in dequeue paths.",
  "id": "GHSA-v4hw-q98x-8jmm",
  "modified": "2026-06-28T09:31:36Z",
  "published": "2026-06-24T09:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-52924"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d4652f677906a64487c13f9ace54b0eb263b5d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2afc9e684dc7fecf73db1edc937ebbc47b4b68dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c0741a441a7df7099d7ca6a64a6a0de09c677c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83ade59e5da365f4bf8bce72c5a38774202b442f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/84b7a319105db2f917ccdcf502bdc866082b1285"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6207349e703cfc04756a4d16dec9176135813a5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e374b22e9b07b72a25909621464ff74096151bfb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f46e1d1a758878f0d22c4fbbd1bf42bb7165d1e8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-52924

Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-28 02:01

Summary

sctp: purge outqueue on stale COOKIE-ECHO handling

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-52924

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 21443-17084		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-52924.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "sctp: purge outqueue on stale COOKIE-ECHO handling",
    "tracking": {
      "current_release_date": "2026-06-28T02:01:01.000Z",
      "generator": {
        "date": "2026-06-28T07:10:57.312Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-52924",
      "initial_release_date": "2026-06-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-06-27T01:08:54.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-06-28T02:01:01.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3",
                "product": {
                  "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 kernel 0:6.6.141.1-1.azl3",
                "product": {
                  "name": "azl3 kernel 0:6.6.141.1-1.azl3",
                  "product_id": "21443"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 0:6.6.141.1-1.azl3 as a component of Azure Linux 3.0",
          "product_id": "21443-17084"
        },
        "product_reference": "21443",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-52924",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "21443-17084"
        ],
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-52924.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-27T01:08:54.000Z",
          "details": "0:6.6.143.1-1.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "sctp: purge outqueue on stale COOKIE-ECHO handling"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-52924 (GCVE-0-2026-52924)

CERTFR-2026-AVI-0812

Solutions

GHSA-V4HW-Q98X-8JMM

MSRC_CVE-2026-52924

Tags

Sightings

Nomenclature