
CVE-2026-53245

Published: June 25, 2026 · Updated: Jun 30, 2026

EPSS: 0.18% probability of exploitation in 30 days · Percentile: 8.2th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr

In mrp_pdu_parse_vecattr(), vector attribute events are encoded three per byte and valen tracks the number of events left to process. The parser decrements valen after processing the first and second events from each event byte, but not after processing the third one. When valen is exactly a multiple of three, the loop continues after the last valid event and consumes the next byte as a new event byte, applying a spurious event to the MRP applicant state.

Additionally, when valen is zero the parser unconditionally consumes attrlen bytes as FirstValue and advances the offset, even though per IEEE 802.1ak a VectorAttribute with only a LeaveAllEvent has valen of zero and no FirstValue or Vector fields. This corrupts the offset for subsequent PDU parsing.

Also, when valen exceeds three the loop crosses byte boundaries but the attribute value is not incremented between the last event of one byte and the first event of the next. This causes the first event of the next byte to use the same attribute value as the third event rather than the next consecutive value.

Decrement valen after processing the third event, skip FirstValue consumption when valen is zero, and increment the attribute value at the end of each loop iteration.

NVD Source
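
The three corrections described above, shown as a user-space C model added here; it is not the kernel's code and not part of the original description. It assumes a one-byte FirstValue and six event codes packed base-6 three per byte, and the names `parse_vecattr`, `struct trace`, `EV_MAX` and `MAX_EV` are hypothetical; `fixed == 0` follows the behaviour the description reports so the two can be compared on the same constructed input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EV_MAX 6   /* assumption: six event codes, packed base-6, three per byte */
#define MAX_EV 16  /* capacity of the trace kept by this model */
struct trace {
    int n;                  /* events applied */
    size_t consumed;        /* bytes consumed from the attribute body */
    uint8_t value[MAX_EV];  /* attribute value each event was applied to */
    uint8_t event[MAX_EV];  /* event code applied */
};
/* Body of one vector attribute: FirstValue (1 byte in this model), then Vector.
 * fixed == 0 follows the reported behaviour, fixed == 1 the three corrections. */
static int parse_vecattr(const uint8_t *buf, size_t len, unsigned valen,
                         int fixed, struct trace *t)
{
    size_t off = 0;
    uint8_t value = 0;
    t->n = 0; t->consumed = 0;
    if (valen > 0 || !fixed) {           /* fix: no FirstValue when valen == 0 */
        if (off >= len) return -1;
        value = buf[off++];
    }
    while (valen > 0) {
        if (off >= len) return -1;       /* Vector truncated */
        uint8_t b = buf[off++];
        uint8_t ev[3] = { b / (EV_MAX * EV_MAX), (b / EV_MAX) % EV_MAX, b % EV_MAX };
        if (ev[0] >= EV_MAX || t->n + 3 > MAX_EV) return -1;  /* malformed or trace full */
        for (int i = 0; i < 3; i++) {
            t->value[t->n] = value;
            t->event[t->n++] = ev[i];
            if (i == 2 && !fixed) break; /* reported defect: third event not counted */
            if (--valen == 0) break;     /* last event: stop before the next byte */
            value++;                     /* next consecutive attribute value */
        }
    }
    t->consumed = off;
    return 0;
}

int main(void)
{
    const uint8_t body[] = { 0x10, 51, 0 };  /* constructed: FirstValue, events 1,2,3, one following byte */
    struct trace t;
    for (int fixed = 0; fixed <= 1; fixed++)
        if (parse_vecattr(body, sizeof(body), 3, fixed, &t) == 0)
            printf("fixed=%d events=%d consumed=%zu\n", fixed, t.n, t.consumed);
    return 0;
}
```

With valen of three, the corrected path stops after one Vector byte, while the reported behaviour reads the following byte and applies a fourth event to the same attribute value as the third.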

Technical Analysis

CVE-2026-53245 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

All References (8)

Quick Facts

CVE ID: CVE-2026-53245
Severity: NONE
CISA KEV: No
EPSS (30d): 0.18%
Published: Jun 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53245 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.