CVE-2026-52928

Source
https://cve.org/CVERecord?id=CVE-2026-52928
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52928.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52928
Downstream
Published
2026-06-24T07:14:21.367Z
Modified
2026-07-10T03:54:21.043620821Z
Summary
af_unix: Reject SIOCATMARK on non-stream sockets
Details

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Reject SIOCATMARK on non-stream sockets

SIOCATMARK reports whether the receive queue is at the urgent mark for MSG_OOB.

In AFUNIX, MSGOOB is supported only for SOCKSTREAM sockets. SOCKDGRAM and SOCKSEQPACKET reject MSGOOB in sendmsg() and recvmsg(), so they should not support SIOCATMARK either.

Return -EOPNOTSUPP for non-stream sockets before checking the receive queue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52928.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
314001f0bf927015e459c9d387d62a231fe93af3
Fixed
ec123873fdc83e7244c8ed6d17b8f8ea6c416a67
Fixed
f085971de6d6b8ef946a5e0bcd73ff24509a0f85
Fixed
b741c9c6ef59f17c1f104ddf1217ef77f79ed29b
Fixed
645b1ed3259af38b7814242a420bc2081bdd1eb6
Fixed
c34c41446acf6c0d13b5b06c809be11e0f7f2729
Fixed
3147ddf5a41c20c45c2eb69e00b62f10f822056a
Fixed
d119775f2bad827edc28071c061fdd4a91f889a5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52928.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.0
Fixed
5.15.211
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.177
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.144
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.88
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52928.json"