CVE-2026-53082
Received Received - Intake
Heap Buffer Overflow in Linux Kernel 6pack Driver

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf sixpack_receive_buf() does not properly skip bytes with TTY error flags. The while loop iterates through the flags buffer but never advances the data pointer (cp), and passes the original count (including error bytes) to sixpack_decode(). This causes sixpack_decode() to process bytes that should have been skipped due to TTY errors. The TTY layer does not guarantee that cp[i] holds a meaningful value when fp[i] is set, so passing those positions to sixpack_decode() results in KMSAN reporting an uninit-value read. Fix this by processing bytes one at a time, advancing cp on each iteration, and only passing valid (non-error) bytes to sixpack_decode(). This matches the pattern used by slip_receive_buf() and mkiss_receive_buf() for the same purpose.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-53082
EUVD
EUVD-2026-38950
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's hamradio 6pack driver, specifically in the function sixpack_receive_buf(). The function does not properly skip bytes that have TTY error flags. While iterating through the flags buffer, the data pointer is not advanced, causing the function sixpack_decode() to process bytes that should have been skipped due to errors. Since the TTY layer does not guarantee meaningful values for bytes marked with error flags, this leads to reading uninitialized values, which is detected by KMSAN (Kernel Memory Sanitizer). The fix involves processing bytes one at a time, advancing the data pointer on each iteration, and only passing valid bytes without errors to sixpack_decode().

Impact Analysis

This vulnerability can lead to the Linux kernel reading uninitialized memory values when processing certain data in the hamradio 6pack driver. While the description does not explicitly mention direct security impacts such as privilege escalation or denial of service, reading uninitialized memory can potentially cause unpredictable behavior, system instability, or information leakage depending on how the uninitialized data is used.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53082. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart