Skip to main content

Linux Kernel CVE-2026-52928

| EUVDEUVD-2026-38698 MEDIUM
2026-06-24 Linux GHSA-3jxv-h97q-rq3x
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only socket ioctl requiring standard user privileges; no confidentiality or integrity impact, availability-only disruption, no scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 16:11 vuln.today
CVSS changed
Jul 08, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch available
Jun 24, 2026 - 09:16 EUVD
CVE Published
Jun 24, 2026 - 07:14 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 24, 2026 - 07:14 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Reject SIOCATMARK on non-stream sockets

SIOCATMARK reports whether the receive queue is at the urgent mark for MSG_OOB.

In AF_UNIX, MSG_OOB is supported only for SOCK_STREAM sockets. SOCK_DGRAM and SOCK_SEQPACKET reject MSG_OOB in sendmsg() and recvmsg(), so they should not support SIOCATMARK either.

Return -EOPNOTSUPP for non-stream sockets before checking the receive queue.

AnalysisAI

Availability disruption in the Linux kernel's AF_UNIX socket subsystem allows a local low-privileged user to trigger an unhandled code path by issuing a SIOCATMARK ioctl on non-stream (SOCK_DGRAM or SOCK_SEQPACKET) AF_UNIX sockets, which the kernel incorrectly permits to proceed into receive-queue inspection logic intended only for SOCK_STREAM. The flaw stems from a logic inconsistency: while SOCK_DGRAM and SOCK_SEQPACKET already reject MSG_OOB in sendmsg()/recvmsg(), the SIOCATMARK ioctl handler lacked the corresponding guard, creating an exploitable divergence. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local user session
Delivery
Create AF_UNIX non-stream socket (DGRAM or SEQPACKET)
Exploit
Issue SIOCATMARK ioctl on socket
Execution
Bypass missing socket-type validation
Persist
Trigger unintended receive-queue inspection
Impact
Cause availability disruption

Vulnerability AssessmentAI

Exploitation Exploitation requires local code execution on the target system with standard user privileges (PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H accurately characterizes this as a local, low-complexity availability-only issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user on a shared Linux system - such as a developer on a multi-tenant server or a process in a container with default seccomp - creates an AF_UNIX SOCK_DGRAM or SOCK_SEQPACKET socket and calls the SIOCATMARK ioctl on it. The unguarded kernel handler proceeds into receive-queue state inspection code that was not designed for datagram semantics, causing an availability impact to the calling process or potentially a broader kernel state disruption. …
Remediation Upgrade to a patched Linux kernel release: 6.12.88, 7.0.7, 7.1, or 6.18.30 as applicable to the deployed stable series, using the fix commits linked at git.kernel.org (645b1ed3..., 3147ddf5..., d119775f..., c34c4144...). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52928 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy