CVE-2026-45988
Analyzed Analyzed - Analysis Complete
Memory Corruption in Linux Kernel rxrpc

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just discarding the packet; we will send another CHALLENGE packet and thereby elicit a further response. Similarly, discard an incoming CHALLENGE packet if we get an error whilst generating a RESPONSE; the server will send another CHALLENGE.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45988
EUVD
EUVD-2026-32284
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.86 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.27 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 2.6.22 (inc) to 6.6.140 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's rxrpc protocol implementation. When a RESPONSE packet encounters a temporary failure during processing, it may become partially decrypted and then be requeued for a retry. This improper handling could lead to issues in packet processing.

The fix involves discarding such partially decrypted RESPONSE packets instead of retrying them. The system then sends another CHALLENGE packet to elicit a fresh RESPONSE. Similarly, if an error occurs while generating a RESPONSE to an incoming CHALLENGE packet, that CHALLENGE packet is discarded, prompting the server to send another CHALLENGE.

Impact Analysis

If this vulnerability is exploited or triggered, it could cause improper handling of network packets within the rxrpc protocol in the Linux kernel. This might lead to communication disruptions or unexpected behavior in applications relying on this protocol.

However, the vulnerability is addressed by discarding problematic packets and prompting retries, which helps maintain protocol integrity and prevents potential issues caused by partially decrypted packets.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the rxrpc re-decryption issue has been fixed. The fix involves discarding partially decrypted RESPONSE packets and handling CHALLENGE packets correctly to avoid retries that could lead to inconsistent states.

Since the vulnerability is resolved by a kernel patch, applying the latest kernel updates from your Linux distribution is the immediate recommended step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45988. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart