{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52929", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.368Z", "datePublished": "2026-06-24T07:14:22.020Z", "dateUpdated": "2026-06-24T07:14:22.020Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T07:14:22.020Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: stream: fully roll back denied add-stream state\n\nWhen ADD_OUT_STREAMS is denied, SCTP only shrinks the queued chunks and\nthen lowers outcnt. That leaves removed stream metadata behind, so a\nlater re-add can reuse a stale ext and hit a null-pointer dereference in\nthe scheduler get path.\n\nFix the rollback by tearing down the removed stream state the same way\nother stream resizes do. Unschedule the current scheduler state, drop\nthe removed stream ext state with sctp_stream_outq_migrate(), and then\nreschedule the remaining streams.\n\nThis keeps scheduler-private RR/FC/PRIO lists consistent while fully\nrolling back denied outgoing stream additions."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sctp/stream.c"], "versions": [{"version": "637784ade221a3c8a7ecd0f583eddd95d6276b9a", "lessThan": "0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85", "status": "affected", "versionType": "git"}, {"version": "637784ade221a3c8a7ecd0f583eddd95d6276b9a", "lessThan": "a6724b7b812ac8793514a1d5938db5d9d29ae725", "status": "affected", "versionType": "git"}, {"version": "637784ade221a3c8a7ecd0f583eddd95d6276b9a", "lessThan": "9662eb0401518f0b4681f10e7fbf688f504f24cf", "status": "affected", "versionType": "git"}, {"version": "637784ade221a3c8a7ecd0f583eddd95d6276b9a", "lessThan": "7dd9a42b044aad2dbe037db1c1e2943582485b44", "status": "affected", "versionType": "git"}, {"version": "637784ade221a3c8a7ecd0f583eddd95d6276b9a", "lessThan": "39dc2b0eb5371a669ebc9ec6072b9184eac95418", "status": "affected", "versionType": "git"}, {"version": "637784ade221a3c8a7ecd0f583eddd95d6276b9a", "lessThan": "d5ea0b3e261fcb2cfff142675516165244cab1da", "status": "affected", "versionType": "git"}, {"version": "637784ade221a3c8a7ecd0f583eddd95d6276b9a", "lessThan": "1c6773b8c081509dcd5cd2954f2b02c50c00f151", "status": "affected", "versionType": "git"}, {"version": "637784ade221a3c8a7ecd0f583eddd95d6276b9a", "lessThan": "a5f8a90ac9f77c678a9781c0a464b635e0d63e49", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sctp/stream.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.259", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.210", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.176", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.143", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.94", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.259"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.15.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.6.143"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.12.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85"}, {"url": "https://git.kernel.org/stable/c/a6724b7b812ac8793514a1d5938db5d9d29ae725"}, {"url": "https://git.kernel.org/stable/c/9662eb0401518f0b4681f10e7fbf688f504f24cf"}, {"url": "https://git.kernel.org/stable/c/7dd9a42b044aad2dbe037db1c1e2943582485b44"}, {"url": "https://git.kernel.org/stable/c/39dc2b0eb5371a669ebc9ec6072b9184eac95418"}, {"url": "https://git.kernel.org/stable/c/d5ea0b3e261fcb2cfff142675516165244cab1da"}, {"url": "https://git.kernel.org/stable/c/1c6773b8c081509dcd5cd2954f2b02c50c00f151"}, {"url": "https://git.kernel.org/stable/c/a5f8a90ac9f77c678a9781c0a464b635e0d63e49"}], "title": "sctp: stream: fully roll back denied add-stream state", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: sctp: stream: fully roll back denied add-stream state", "id": "2492108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492108"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in the Linux kernel's Stream Control Transmission Protocol (SCTP) stream handling. When an attempt to add outgoing streams is denied, the system fails to fully roll back the associated state. This incomplete rollback can leave behind stale stream metadata, which a subsequent stream re-addition can then reuse. This can lead to a null-pointer dereference, potentially causing a system crash and resulting in a Denial of Service (DoS)."], "name": "CVE-2026-52929", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-52929\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-52929\nhttps://lore.kernel.org/linux-cve-announce/2026062432-CVE-2026-52929-63ee@gregkh/T"], "threat_severity": "Moderate"}