CVE 9.8 CRITICAL

netfilter: conntrack: remove sprintf usage_CVE-2026-53002

9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: remove sprintf usage

Replace it with scnprintf, the buffer sizes are expected to be large enough
to hold the result, no need for snprintf+overflow check.

Increase buffer size in mangle_content_len() while at it.

BUG: KASAN: stack-out-of-bounds in vsnprintf+0xea5/0x1270
Write of size 1 at addr [..]
vsnprintf+0xea5/0x1270
sprintf+0xb1/0xe0
mangle_content_len+0x1ac/0x280
nf_nat_sdp_session+0x1cc/0x240
process_sdp+0x8f8/0xb80
process_invite_request+0x108/0x2b0
process_sip_msg+0x5da/0xf50
sip_help_tcp+0x45e/0x780
nf_confirm+0x34d/0x990
[..]

AI Analysis

Stack-based buffer overflow vulnerability in the Linux kernel's netfilter subsystem

Basic Information

ID CVE-2026-53002
Source Linux
Published Jun 24, 2026 at 16:29
Modified Jun 28, 2026 at 06:37

Affected Product

Vendor Linux
Product Linux
Version 9fafcd7b203229c3f3893a475741afc27e276306
Affected Versions Linux Linux 9fafcd7b203229c3f3893a475741afc27e276306
Linux Linux 9fafcd7b203229c3f3893a475741afc27e276306
Linux Linux 9fafcd7b203229c3f3893a475741afc27e276306
Linux Linux 9fafcd7b203229c3f3893a475741afc27e276306
Linux Linux 9fafcd7b203229c3f3893a475741afc27e276306
Linux Linux 9fafcd7b203229c3f3893a475741afc27e276306
Linux Linux 9fafcd7b203229c3f3893a475741afc27e276306
Linux Linux 9fafcd7b203229c3f3893a475741afc27e276306
Linux Linux 2.6.20

AI Assessment

AI Score 9.8 / 10
AI Severity Critical
Vendor Linux
Product Linux Kernel
Version 2.6.20, 9fafcd7b203229c3f3893a475741afc27e276306

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.