CVE-2026-53002
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
In the Linux kernel netfilter/conntrack subsystem, a stack-out-of-bounds write vulnerability was found in the mangle_content_len() function. The fix replaces sprintf() with scnprintf() and increases the buffer size.
Risk Assessment
The vulnerability may cause system crashes (kernel panic) or potentially privilege escalation when processing crafted SIP packets, threatening system stability and security.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit removing sprintf in netfilter/conntrack). Monitor your distribution for the patch release.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: remove sprintf usage Replace it with scnprintf, the buffer sizes are expected to be large enough to hold the result, no need for snprintf+overflow check. Increase buffer size in mangle_content_len() while at it. BUG: KASAN: stack-out-of-bounds in vsnprintf+0xea5/0x1270 Write of size 1 at addr [..] vsnprintf+0xea5/0x1270 sprintf+0xb1/0xe0 mangle_content_len+0x1ac/0x280 nf_nat_sdp_session+0x1cc/0x240 process_sdp+0x8f8/0xb80 process_invite_request+0x108/0x2b0 process_sip_msg+0x5da/0xf50 sip_help_tcp+0x45e/0x780 nf_confirm+0x34d/0x990 [..]

