CVE-2026-52937

Description

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR In the SIOCGIFHWADDR path, tap_ioctl() copies 16 bytes of an uninitialised on-stack struct sockaddr_storage to userspace via ifr_hwaddr, but netif_get_mac_address() only writes sa_family and dev->addr_len (6 for Ethernet) bytes, leaving sa_data[6..13] uninitialised. Those 8 trailing bytes leak kernel stack contents; SIOCGIFHWADDR on a macvtap chardev returns kernel .text and direct-map pointers, defeating KASLR. Initialise ss at declaration.

Affected products

• Linux / Linux3b23a32a63219f51a5298bc55a65ecee866e79d0 – 719007c3492f0f1f9e9cdbed8ac45ba45bb13eeb
• Linux / Linux3b23a32a63219f51a5298bc55a65ecee866e79d0 – 05305e832be7b9d65b2b72caacf7d850b3942b2a
• Linux / Linux3b23a32a63219f51a5298bc55a65ecee866e79d0 – bddc09212c24934643bd44fc794748d2bbb3b6cd
• Linux / Linux176188cff67ec1aa55103647b61d02315cc38e98 – 176188cff67ec1aa55103647b61d02315cc38e98
• Linux / Linux1fc205d9e400f069ebf30d3faa6ec2bab2cbd7b4 – 1fc205d9e400f069ebf30d3faa6ec2bab2cbd7b4
• Linux / Linux4d0ae760c02c98fc78b78d3a0509896bc648ad1c – 4d0ae760c02c98fc78b78d3a0509896bc648ad1c
• Linux / Linux5.4.103 – 5.5
• Linux / Linux5.10.21 – 5.11
• Linux / Linux5.11.4 – 5.12
• Linux / Linux5.12 – 5.12
• Linux / Linux0 – 5.12
• Linux / Linux6.18.34 – 6.18.*
• Linux / Linux7.0.11 – 7.0.*
• Linux / Linux7.1 – *

References

• MISChttps://git.kernel.org/stable/c/719007c3492f0f1f9e9cdbed8ac45ba45bb13eeb
• MISChttps://git.kernel.org/stable/c/05305e832be7b9d65b2b72caacf7d850b3942b2a
• MISChttps://git.kernel.org/stable/c/bddc09212c24934643bd44fc794748d2bbb3b6cd