6lowpan: fix off-by-one in multicast context address compression

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-53263
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-06-25 09:16:44 UTC
Updated2026-06-25 09:16:44 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpan_iphc_mcast_ctx_addr_compress() uses &data[1] as destination and &ipaddr->s6_addr[11] as source, but both should be offset by one: &data[2] and &ipaddr->s6_addr[12] respectively. This off-by-one has two consequences: 1. data[1] is overwritten with s6_addr[11], corrupting the RIID field in the compressed multicast address 2. data[5] is never written, so uninitialized kernel stack memory is transmitted over the network via lowpan_push_hc_data(), leaking kernel stack contents The correct inline data layout must match what the decompression function lowpan_uncompress_multicast_ctx_daddr() expects: data[0..1] = s6_addr[1..2] (flags/scope + RIID) data[2..5] = s6_addr[12..15] (group ID) Also zero-initialize the data array as a defensive measure against similar bugs in the future.

Risk And Classification

EPSS: 0.001720000 probability, percentile 0.068460000 (date 2026-06-25)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 5609c185f24dffca5f6a9c127106869da150be03 f24a58c72a45f4c109f3557a760cc4b60b7a6037 git Not specified
CNA Linux Linux affected 5609c185f24dffca5f6a9c127106869da150be03 da8cbb64b47e9066b40af0de170901caf17b768c git Not specified
CNA Linux Linux affected 5609c185f24dffca5f6a9c127106869da150be03 4485d79617520d84ba5a14515e2b5136007d6deb git Not specified
CNA Linux Linux affected 5609c185f24dffca5f6a9c127106869da150be03 06ce6fc106b16dec9b535950db626261be865e5b git Not specified
CNA Linux Linux affected 5609c185f24dffca5f6a9c127106869da150be03 dcb1bec1c32ee5c3878354e087cf5dbee2b7c7af git Not specified
CNA Linux Linux affected 5609c185f24dffca5f6a9c127106869da150be03 c32f30ef5e66adbfa102348e2e8a23776eb007cb git Not specified
CNA Linux Linux affected 5609c185f24dffca5f6a9c127106869da150be03 da8808463882c3f3c357b072e25053c2121f1419 git Not specified
CNA Linux Linux affected 5609c185f24dffca5f6a9c127106869da150be03 2a58899d11009bffc7b4b32a571858f381121837 git Not specified
CNA Linux Linux affected 4.6 Not specified
CNA Linux Linux unaffected 4.6 semver Not specified
CNA Linux Linux unaffected 5.10.259 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.210 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.176 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.143 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.94 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.36 6.18.* semver Not specified
CNA Linux Linux unaffected 7.0.13 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/06ce6fc106b16dec9b535950db626261be865e5b 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/2a58899d11009bffc7b4b32a571858f381121837 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/4485d79617520d84ba5a14515e2b5136007d6deb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/c32f30ef5e66adbfa102348e2e8a23776eb007cb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/da8808463882c3f3c357b072e25053c2121f1419 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/f24a58c72a45f4c109f3557a760cc4b60b7a6037 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/dcb1bec1c32ee5c3878354e087cf5dbee2b7c7af 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/da8cbb64b47e9066b40af0de170901caf17b768c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report