{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-53225/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-28T06:40:37.092Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-53225","@id":"https://www.cve.org/CVERecord?id=CVE-2026-53225","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix uninit-value in __sctp_rcv_asconf_lookup()\n\n__sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF\nchunk can hold the ADDIP header and a parameter header, then calls\naf->from_addr_param(), which reads the full address (16 bytes for IPv6)\ntrusting the parameter's declared length.\n\nAn unauthenticated peer can send a truncated trailing ASCONF chunk that\ndeclares an IPv6 address parameter but stops aft"},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:linux:linux:2.6.25:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:2.6.25:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0, 446e0ecd845abc394b24ae2030a883572bec9d16, 5.10.259, 5.15.210, 6.1.176, 6.6.143, 6.12.94, 6.18.36, 7.0.13, 7.1, 8ce96f1182644079249a24ac7e2ffc32e0301a46, 8e86817b8af4d552f3c6fe04ca52bb0c8c57411d, 928dd94db23e8ba340f83d68f7f24d831b7a4426, d6bd0bb7697ea8c0387b0d9d973453f479017b23, d796cfd06074b579d265b28401306cadd30db945, f76a8b323e28e0951f979dbef20a7496383c47df, f8373d7090b745728de66308deeecc67e8d319ce.","timestamp":"2026-06-28T06:40:37.092Z"}]}