CVE-2026-46000

Summary

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix conn-level packet handling to unshare RESPONSE packets

The security operations that verify the RESPONSE packets decrypt bits of it in place - however, the sk_buff may be shared with a packet sniffer, which would lead to the sniffer seeing an apparently corrupt packet (actually decrypted).

Fix this by handing a copy of the packet off to the specific security handler if the packet was cloned.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux17926a79320afa9b95df6b977b40cca6d8713cea < c0428a22daf69714dc042b67ea759956b74c74e5affected
LinuxLinux17926a79320afa9b95df6b977b40cca6d8713cea < 98a2046d155f73f6cf5d2c493c5e09b4963e2e12affected
LinuxLinux17926a79320afa9b95df6b977b40cca6d8713cea < ca71ac2de389b01eecdc48bfafbdf073ec232044affected
LinuxLinux17926a79320afa9b95df6b977b40cca6d8713cea < d9b93a0f57ca5f6831bfaa34014b6cd705564a00affected
LinuxLinux17926a79320afa9b95df6b977b40cca6d8713cea < 24481a7f573305706054c59e275371f8d0fe919faffected
LinuxLinux2.6.22affected
LinuxLinux0 < 2.6.22unaffected
LinuxLinux6.6.140 <= 6.6.*unaffected
LinuxLinux6.12.88 <= 6.12.*unaffected
LinuxLinux6.18.27 <= 6.18.*unaffected
LinuxLinux7.0.4 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References