rxrpc: Fix rxkad crypto unalignment handling_CVE-2026-46085

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix rxkad crypto unalignment handling

Fix handling of a packet with a misaligned crypto length. Also handle
non-ENOMEM errors from decryption by aborting. Further, remove the
WARN_ON_ONCE() so that it can't be remotely triggered (a trace line can
still be emitted).

Basic Information

ID CVE-2026-46085

Source Linux

Published May 27, 2026 at 12:58

Modified May 30, 2026 at 10:47

Affected Product

Vendor Linux

Product Linux

Version 9853917f9edf08efb0b55c26d9eb8340f126d9e9

Affected Versions Linux Linux 9853917f9edf08efb0b55c26d9eb8340f126d9e9
Linux Linux e9c369d58785044427450350ad32d6a2497fb379
Linux Linux bf4d6e4a6856eedeb7f66eb91224115bfff4e2cb
Linux Linux f93af41b9f5f798823d0d0fb8765c2a936d76270
Linux Linux f93af41b9f5f798823d0d0fb8765c2a936d76270
Linux Linux 5cdf57eda01a1ffaeb61ac39ec4dcc94a690431e
Linux Linux 6.6.135
Linux Linux 6.12.82
Linux Linux 6.18.23
Linux Linux 6.19.13
Linux Linux 7.0

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix rxkad crypto unalignment handling\n\nFix handling of a packet with a misaligned crypto length.  Also handle\nnon-ENOMEM errors from decryption by aborting.  Further, remove the\nWARN_ON_ONCE() so that it can't be remotely triggered (a trace line can\nstill be emitted).",
    "published": "2026-05-27T12:58:27.125Z",
    "modified": "2026-05-30T10:47:22.826Z",
    "type": "cve",
    "title": "rxrpc: Fix rxkad crypto unalignment handling",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/f1c6bd0cc786a8fa74829ce3c4b3673944a308f4\nhttps://git.kernel.org/stable/c/440d20d95e844b657a93a0b2dcc2aae155efdce6\nhttps://git.kernel.org/stable/c/f0d3efd03b2a9e0f1ffa6df8fcb264af3d494286\nhttps://git.kernel.org/stable/c/af9271eb666d07b6f65612dc160a47f7cb5220ed\nhttps://git.kernel.org/stable/c/def304aae2edf321d2671fd6ca766a93c21f877e",
    "id": "CVE-2026-46085",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 9853917f9edf08efb0b55c26d9eb8340f126d9e9\nLinux Linux e9c369d58785044427450350ad32d6a2497fb379\nLinux Linux bf4d6e4a6856eedeb7f66eb91224115bfff4e2cb\nLinux Linux f93af41b9f5f798823d0d0fb8765c2a936d76270\nLinux Linux f93af41b9f5f798823d0d0fb8765c2a936d76270\nLinux Linux 5cdf57eda01a1ffaeb61ac39ec4dcc94a690431e\nLinux Linux 6.6.135\nLinux Linux 6.12.82\nLinux Linux 6.18.23\nLinux Linux 6.19.13\nLinux Linux 7.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "9853917f9edf08efb0b55c26d9eb8340f126d9e9",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply