CVE Catalog

CVE-2026-53151

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile — higher than 38% of all known CVEs

Summary

In the Linux kernel, a vulnerability in the AF_RXRPC subsystem involves incorrect access to the SACK buffer in received UDP packets. The rxrpc_input_soft_acks() function modifies the skbuff and may incorrectly read data in case of packet fragmentation, potentially leading to parsing errors.

Risk Assessment

The risk involves potential incorrect processing of ACK packets, which could result in improper RXRPC protocol operation and, in extreme cases, data integrity issues or system crashes.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix for this vulnerability. Monitor official security advisories from your Linux distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpc_input_soft_acks() and a potential incorrect access of the buffer in a fragmented UDP packet (the packet would probably have to be deliberately pre-generated as fragmented) when AF_RXRPC tries to extract the contents of the SACK table by copying out the contents of the SACK table into a buffer before attempting to parse AF_RXRPC assumes that it can just call skb_condense() and then validly access the SACK table from skb->data and that it will be a flat buffer - but skb_condense() can silently fail to do anything under some circumstances. Note that whilst rxrpc_input_soft_acks() should be able to parse extended ACKs, the rest of AF_RXRPC doesn't currently support that. Further, there's then no need to call skb_condense() in rxrpc_input_ack(), so don't.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS