CVE-2026-52993

Source
https://cve.org/CVERecord?id=CVE-2026-52993
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52993.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52993
Downstream
Related
Published
2026-06-24T16:29:06.475Z
Modified
2026-07-12T03:55:06.792326599Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
tipc: fix double-free in tipc_buf_append()
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix double-free in tipcbufappend()

tipcmsgvalidate() can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend(), it was being called with a pointer to a local variable which was a copy of the caller's skb pointer.

If the skb was reallocated and validation subsequently failed, the error handling path would free the original skb pointer, which had already been freed, leading to double-free.

Fix this by checking if head now points to a newly allocated reassembled skb. If it does, reassign *headbuf for later freeing operations.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52993.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d618d09a68e4eed7a435beb2e355250f6f40664a
Fixed
a438975a6dcdbd70865978c021650d1485586f0b
Fixed
4ee4deadaae7cb2e3d53af0fc889cf92a73413c0
Fixed
d3556656c6daebf8def751c7e71d11dd0a180d24
Fixed
0274f24485fc38032d4093e463dc3ff5c7a667c9
Fixed
4d104882bc815d4ec666ace9155f5f52715879a6
Fixed
1d5e589055880fae229e229e1929e087dbe08cf3
Fixed
29940fff14110ca48c5ccc168d121665b51bb778
Fixed
d293ca716e7d5dffdaecaf6b9b2f857a33dc3d3a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52993.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52993.json"