Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack_irc: fix possible out-of-bounds read

When parsing fails after we've matched the command string we
should bail out instead of trying to match a different command.

This helper should be deprecated, given prevalence of TLS I doubt it has
any relevance in 2026.
Published: 2026-06-25
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Linux kernel’s netfilter conntrack IRC helper, where a malformed command string can cause an out-of-bounds read. This read occurs after a parsing failure during a command match and may expose sensitive kernel memory contents, representing a potential information disclosure.

Affected Systems

All configurations of the Linux kernel that enable the netfilter conntrack IRC helper are potentially affected. No specific upstream kernel release or version range is listed in the advisory, so any kernel version with the helper enabled during the time of the vulnerability could be impacted.

Risk and Exploitability

The CVSS score of 8.2 indicates moderate to high severity, but the EPSS score of <1% suggests a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that an attacker would need remote network access to send a crafted IRC packet to a host with the helper active, potentially triggering a parsing failure that leads to an out-of-bounds read. Given the low EPSS and the rarity of the vulnerable helper in modern implementations, the overall risk is moderate but the probability of exploitation is low.

Generated by OpenCVE AI on June 28, 2026 at 14:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the conntrack_irc patch referenced in the advisory.
  • If a kernel update is not possible, disable the conntrack IRC helper module or configure netfilter to block IRC traffic.
  • Monitor network traffic for abnormal IRC packets and audit system logs for signs of out-of-bounds read attempts.

Generated by OpenCVE AI on June 28, 2026 at 14:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'}


Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-788

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-788

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack_irc: fix possible out-of-bounds read When parsing fails after we've matched the command string we should bail out instead of trying to match a different command. This helper should be deprecated, given prevalence of TLS I doubt it has any relevance in 2026.
Title netfilter: conntrack_irc: fix possible out-of-bounds read
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:41:12.729Z

Reserved: 2026-06-09T07:44:35.395Z

Link: CVE-2026-53268

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53268 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:15:08Z

Weaknesses