-

CVE-2026-53082

net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf

In the Linux kernel, the following vulnerability has been resolved:

net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf

sixpack_receive_buf() does not properly skip bytes with TTY error flags.
The while loop iterates through the flags buffer but never advances the
data pointer (cp), and passes the original count (including error bytes)
to sixpack_decode(). This causes sixpack_decode() to process bytes that
should have been skipped due to TTY errors.  The TTY layer does not
guarantee that cp[i] holds a meaningful value when fp[i] is set, so
passing those positions to sixpack_decode() results in KMSAN reporting
an uninit-value read.

Fix this by processing bytes one at a time, advancing cp on each
iteration, and only passing valid (non-error) bytes to sixpack_decode().
This matches the pattern used by slip_receive_buf() and
mkiss_receive_buf() for the same purpose.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version < 1d3abf0c3ddeefc6f6d913aa129acc06fce8240a
Status affected
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version < d4cceb5184538613572fb79319453f281b1eeacb
Status affected
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version < 2951656b0de00153f2687f3a093890bce72b6215
Status affected
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version < e9cf4018d74237d142cd66243c821d13593270f0
Status affected
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version < d9ce2a4b679122397d7f35bad7be46913ad1ca80
Status affected
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version < 987af7625ceb1ee59d70eb0abd7af11c75e45d79
Status affected
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version < 578f3aba427c938fecfa0d8c83d9acb213a9b24a
Status affected
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version < bf9a38803b2626b01cc769aaf13485d8650f576f
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 2.6.12
Status affected
Version 0
Version < 2.6.12
Status unaffected
Version <= 5.10.*
Version 5.10.258
Status unaffected
Version <= 5.15.*
Version 5.15.209
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1d3abf0c3ddeefc6f6d913aa129acc06fce8240a
https://git.kernel.org/stable/c/d4cceb5184538613572fb79319453f281b1eeacb
https://git.kernel.org/stable/c/2951656b0de00153f2687f3a093890bce72b6215
https://git.kernel.org/stable/c/e9cf4018d74237d142cd66243c821d13593270f0
https://git.kernel.org/stable/c/d9ce2a4b679122397d7f35bad7be46913ad1ca80
https://git.kernel.org/stable/c/987af7625ceb1ee59d70eb0abd7af11c75e45d79
https://git.kernel.org/stable/c/578f3aba427c938fecfa0d8c83d9acb213a9b24a
https://git.kernel.org/stable/c/bf9a38803b2626b01cc769aaf13485d8650f576f