CVE Catalog

CVE-2026-46085

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile - higher than 35% of all known CVEs

Summary

A vulnerability in the Linux kernel related to handling misaligned crypto length in rxrpc packets has been fixed. The changes include improving error handling during decryption and removing a warning that could be remotely triggered.

Risk Assessment

This vulnerability could lead to improper packet processing, posing a risk to data integrity. The removal of the ability to remotely trigger the warning enhances system security.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and improve overall system security.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARN_ON_ONCE() so that it can't be remotely triggered (a trace line can still be emitted).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS