CVE Vulnerability Details :
CVE-2026-52993
PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 24 Jun, 2026 | 16:29
Updated At: 30 Jun, 2026 | 12:09
Rejected At:
▼CVE Numbering Authority (CNA)
tipc: fix double-free in tipc_buf_append()

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix double-free in tipc_buf_append()

tipc_msg_validate() can potentially reallocate the skb it is validating, freeing the old one. In tipc_buf_append(), it was being called with a pointer to a local variable which was a copy of the caller's skb pointer. If the skb was reallocated and validation subsequently failed, the error handling path would free the original skb pointer, which had already been freed, leading to double-free.

Fix this by checking if head now points to a newly allocated reassembled skb. If it does, reassign *headbuf for later freeing operations.

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/tipc/msg.c
Default Status
unaffected
Versions
Affected
  • From d618d09a68e4eed7a435beb2e355250f6f40664a before a438975a6dcdbd70865978c021650d1485586f0b (git)
  • From d618d09a68e4eed7a435beb2e355250f6f40664a before 4ee4deadaae7cb2e3d53af0fc889cf92a73413c0 (git)
  • From d618d09a68e4eed7a435beb2e355250f6f40664a before d3556656c6daebf8def751c7e71d11dd0a180d24 (git)
  • From d618d09a68e4eed7a435beb2e355250f6f40664a before 0274f24485fc38032d4093e463dc3ff5c7a667c9 (git)
  • From d618d09a68e4eed7a435beb2e355250f6f40664a before 4d104882bc815d4ec666ace9155f5f52715879a6 (git)
  • From d618d09a68e4eed7a435beb2e355250f6f40664a before 1d5e589055880fae229e229e1929e087dbe08cf3 (git)
  • From d618d09a68e4eed7a435beb2e355250f6f40664a before 29940fff14110ca48c5ccc168d121665b51bb778 (git)
  • From d618d09a68e4eed7a435beb2e355250f6f40664a before d293ca716e7d5dffdaecaf6b9b2f857a33dc3d3a (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/tipc/msg.c
Default Status
affected
Versions
Affected
  • 4.15
Unaffected
  • From 0 before 4.15 (semver)
  • From 5.10.258 through 5.10.* (semver)
  • From 5.15.209 through 5.15.* (semver)
  • From 6.1.175 through 6.1.* (semver)
  • From 6.6.141 through 6.6.* (semver)
  • From 6.12.91 through 6.12.* (semver)
  • From 6.18.33 through 6.18.* (semver)
  • From 7.0.10 through 7.0.* (semver)
  • From 7.1 through * (original_commit_for_fix)
Metrics
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Hyperlink: https://git.kernel.org/stable/c/a438975a6dcdbd70865978c021650d1485586f0b
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/4ee4deadaae7cb2e3d53af0fc889cf92a73413c0
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d3556656c6daebf8def751c7e71d11dd0a180d24
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/0274f24485fc38032d4093e463dc3ff5c7a667c9
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/4d104882bc815d4ec666ace9155f5f52715879a6
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/1d5e589055880fae229e229e1929e087dbe08cf3
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/29940fff14110ca48c5ccc168d121665b51bb778
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d293ca716e7d5dffdaecaf6b9b2f857a33dc3d3a
Resource: N/A
▼Authorized Data Publishers (ADP)
kernel: tipc: fix double-free in tipc_buf_append()

A flaw was found in the Linux kernel's Transparent Inter-Process Communication (TIPC) module. This vulnerability, a double-free, occurs when the `tipc_buf_append()` function incorrectly handles memory after a socket buffer (skb) reallocation. An attacker could potentially exploit this to cause system instability or a denial of service. In some scenarios, this type of memory corruption could also lead to arbitrary code execution.

Affected Products
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 10
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 8
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 9
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 6
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unaffected
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 7
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Problem Types
Type: CWE
CWE ID: CWE-763
Description: Release of Invalid Pointer or Reference
Metrics
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value: Important
namespace: https://access.redhat.com/security/updates/classification/
Timeline
Event: Reported to Red Hat.
Date: 2026-06-24 00:00:00
Event: Made public.
Date: 2026-06-24 00:00:00
References
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-52993
Resource: vdb-entry, x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2492437
Resource: issue-tracking, x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52993.json
Resource: x_sadp-csaf-vex