CVE-2026-53082
Awaiting Analysis Awaiting Analysis - Queue

Heap Buffer Overflow in Linux Kernel 6pack Driver

Vulnerability report for CVE-2026-53082, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf sixpack_receive_buf() does not properly skip bytes with TTY error flags. The while loop iterates through the flags buffer but never advances the data pointer (cp), and passes the original count (including error bytes) to sixpack_decode(). This causes sixpack_decode() to process bytes that should have been skipped due to TTY errors. The TTY layer does not guarantee that cp[i] holds a meaningful value when fp[i] is set, so passing those positions to sixpack_decode() results in KMSAN reporting an uninit-value read. Fix this by processing bytes one at a time, advancing cp on each iteration, and only passing valid (non-error) bytes to sixpack_decode(). This matches the pattern used by slip_receive_buf() and mkiss_receive_buf() for the same purpose.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's hamradio 6pack driver, specifically in the function sixpack_receive_buf(). The function does not properly skip bytes that have TTY error flags. While iterating through the flags buffer, the data pointer is not advanced, causing the function sixpack_decode() to process bytes that should have been skipped due to errors. Since the TTY layer does not guarantee meaningful values for bytes marked with error flags, this leads to reading uninitialized values, which is detected by KMSAN (Kernel Memory Sanitizer). The fix involves processing bytes one at a time, advancing the data pointer on each iteration, and only passing valid bytes without errors to sixpack_decode().

Impact Analysis

This vulnerability can lead to the Linux kernel reading uninitialized memory values when processing certain data in the hamradio 6pack driver. While the description does not explicitly mention direct security impacts such as privilege escalation or denial of service, reading uninitialized memory can potentially cause unpredictable behavior, system instability, or information leakage depending on how the uninitialized data is used.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53082. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart