U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2026-52929

Change History

New CVE Received from kernel.org 6/24/2026 4:16:23 AM

Action Type Old Value New Value
Added Description

                  
                
              
In the Linux kernel, the following vulnerability has been resolved:

sctp: stream: fully roll back denied add-stream state

When ADD_OUT_STREAMS is denied, SCTP only shrinks the queued chunks and
then lowers outcnt. That leaves removed stream metadata behind, so a
later re-add can reuse a stale ext and hit a null-pointer dereference in
the scheduler get path.

Fix the rollback by tearing down the removed stream state the same way
other stream resizes do. Unschedule the current scheduler state, drop
the removed stream ext state with sctp_stream_outq_migrate(), and then
reschedule the remaining streams.

This keeps scheduler-private RR/FC/PRIO lists consistent while fully
rolling back denied outgoing stream additions.
Added Reference

                  
                
              
https://git.kernel.org/stable/c/0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85
Added Reference

                  
                
              
https://git.kernel.org/stable/c/1c6773b8c081509dcd5cd2954f2b02c50c00f151
Added Reference

                  
                
              
https://git.kernel.org/stable/c/39dc2b0eb5371a669ebc9ec6072b9184eac95418
Added Reference

                  
                
              
https://git.kernel.org/stable/c/7dd9a42b044aad2dbe037db1c1e2943582485b44
Added Reference

                  
                
              
https://git.kernel.org/stable/c/9662eb0401518f0b4681f10e7fbf688f504f24cf
Added Reference

                  
                
              
https://git.kernel.org/stable/c/a5f8a90ac9f77c678a9781c0a464b635e0d63e49
Added Reference

                  
                
              
https://git.kernel.org/stable/c/a6724b7b812ac8793514a1d5938db5d9d29ae725
Added Reference

                  
                
              
https://git.kernel.org/stable/c/d5ea0b3e261fcb2cfff142675516165244cab1da
Added Affected

                  
                
              
[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sctp/stream.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"a6724b7b812ac8793514a1d5938db5d9d29ae725","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"9662eb0401518f0b4681f10e7fbf688f504f24cf","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"7dd9a42b044aad2dbe037db1c1e2943582485b44","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"39dc2b0eb5371a669ebc9ec6072b9184eac95418","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"d5ea0b3e261fcb2cfff142675516165244cab1da","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"1c6773b8c081509dcd5cd2954f2b02c50c00f151","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"a5f8a90ac9f77c678a9781c0a464b635e0d63e49","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sctp/stream.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]