CVE-2026-53263
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
In the Linux kernel, an off-by-one vulnerability in the 6LoWPAN multicast address compression function corrupts the RIID field and leaks uninitialized kernel stack memory over the network.
Risk Assessment
The organization risks disclosure of sensitive kernel memory contents and potential disruption of 6LoWPAN-based IoT communications.
Recommendation
Apply the Linux kernel patch addressing CVE-2026-53263 or update to a kernel version containing the fix.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: 6lowpan: fix off-by-one in multicast context address compression The second memcpy in lowpan_iphc_mcast_ctx_addr_compress() uses &data[1] as destination and &ipaddr->s6_addr[11] as source, but both should be offset by one: &data[2] and &ipaddr->s6_addr[12] respectively. This off-by-one has two consequences: 1. data[1] is overwritten with s6_addr[11], corrupting the RIID field in the compressed multicast address 2. data[5] is never written, so uninitialized kernel stack memory is transmitted over the network via lowpan_push_hc_data(), leaking kernel stack contents The correct inline data layout must match what the decompression function lowpan_uncompress_multicast_ctx_daddr() expects: data[0..1] = s6_addr[1..2] (flags/scope + RIID) data[2..5] = s6_addr[12..15] (group ID) Also zero-initialize the data array as a defensive measure against similar bugs in the future.

