Skip to main content

Linux Kernel EUVDEUVD-2026-39219

| CVE-2026-53268 HIGH
Out-of-bounds Read (CWE-125)
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-3j2m-3xq8-9948
8.2
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
vuln.today AI
6.5 MEDIUM

Remote unauthenticated (AV:N/PR:N), but AC:H because the legacy IRC helper must be non-default enabled and traffic crafted to fail parsing; impact is memory read (C:L) and crash (A:H), no integrity.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:49 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
8.2 (HIGH)
Patch available
Jun 25, 2026 - 10:32 EUVD
CVE Published
Jun 25, 2026 - 09:16 cve.org
HIGH 8.2
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack_irc: fix possible out-of-bounds read

When parsing fails after we've matched the command string we should bail out instead of trying to match a different command.

This helper should be deprecated, given prevalence of TLS I doubt it has any relevance in 2026.

AnalysisAI

Out-of-bounds read in the Linux kernel's netfilter IRC connection-tracking helper (nf_conntrack_irc) lets remote attackers leak adjacent kernel memory or crash the host when the parser fails to bail out after matching a DCC command string. The CVSS 3.1 vector (AV:N/PR:N) describes unauthenticated remote reachability with low confidentiality impact and high availability impact, but exploitation is gated on the legacy IRC conntrack helper being loaded and assigned to traffic - a non-default condition on most modern systems. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach host running active IRC conntrack helper
Delivery
Send IRC packet matching DCC command
Exploit
Append malformed parameters that fail parsing
Execution
Helper continues, reads past buffer bounds
Impact
Leak kernel memory or crash host

Vulnerability AssessmentAI

Exploitation Exploitation requires the target Linux system to have the netfilter IRC connection-tracking helper (CONFIG_NF_CONNTRACK_IRC / nf_conntrack_irc module) loaded AND actively assigned to traffic, either via the legacy ports= module parameter or an explicit nftables/iptables 'ct helper' rule - this is NOT the default on modern distributions. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals conflict and should be reconciled before prioritizing. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can route crafted IRC control traffic to a Linux host or firewall that has the nf_conntrack_irc helper active sends a packet containing a matched DCC command followed by malformed parameters that fail parsing. The flawed continue-on-failure logic reads beyond the packet buffer, causing a kernel crash (DoS) or leaking adjacent kernel memory into helper processing. …
Remediation Vendor-released patch: update to a fixed stable kernel - 5.10.259, 5.15.210, 6.1.176, 6.6.143, 6.12.94, 6.18.36, 7.0.13, or 7.1 (or later) on the matching branch, applying your distribution's backported package as it ships the corresponding stable commit (git.kernel.org/stable/c/0afc802160af and the other listed hashes). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Confirm whether nf_conntrack_irc module is enabled on Linux infrastructure (check /proc/modules and iptables rules). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39219 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy