Skip to main content

Linux Kernel CVE-2026-46102

| EUVDEUVD-2026-32485 HIGH
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-mr4j-h79v-vcp9
7.5
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 11:47 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
7.5 (HIGH)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: strparser: fix skb_head leak in strp_abort_strp()

When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp->skb_head.

That skb is not released in strp_abort_strp(), which leaks the partially assembled message and can be triggered repeatedly to exhaust memory.

Fix this by freeing strp->skb_head and resetting the parser state in the abort path. Leave strp_stop() unchanged so final cleanup still happens in strp_done() after the work and timer have been synchronized.

AnalysisAI

Remote denial of service in the Linux kernel's stream parser (strparser) subsystem allows attackers to exhaust memory by repeatedly triggering message assembly timeouts that fail to release partially assembled skb buffers. The flaw resides in strp_abort_strp(), which leaks strp->skb_head on abort, and affects kernels from at least 4.9 through the 6.x and 7.x release lines until the fix introduced in 6.6.140, 6.12.86, 6.18.27, 7.0.4, and 7.1-rc1. No public exploit identified at time of analysis, and EPSS (0.02%, 5th percentile) reflects low predicted exploitation in the next 30 days despite the CVSS 7.5 rating.

Technical ContextAI

The Linux kernel stream parser (net/strparser) is a kernel helper used by upper-layer protocols such as KCM (Kernel Connection Multiplexor), AF_TLS/kTLS, and BPF sockmap/sk_msg to reassemble message-oriented streams from TCP. The parser maintains an in-progress reassembly buffer in strp->skb_head while waiting for additional frame data. When the parser aborts - for example after a message assembly timeout fires - strp_abort_strp() was failing to free that partial skb and to reset parser state, while strp_stop() handled only final teardown via strp_done(). Because the abort path is independently reachable and repeatable, each abort leaks a partially-assembled socket buffer. The root cause class is a memory-leak / missing-resource-release bug (CWE-401 family); no CWE was assigned in the source data.

RemediationAI

Upgrade to a kernel that includes the upstream fix: 6.6.140, 6.12.86, 6.18.27, 7.0.4, or 7.1-rc1 (vendor-released patch confirmed via the stable commits at https://git.kernel.org/stable/c/19ca9475f18f991735f98a22e735c43e95e6298d, /5327dad2ffe9c1b49881dd6d51ff3c6893847568, /56082f442023db9be1a5a29d4ee361de4017c0b7, /e9ae00490d474757c0f9c65073de83e6bb1e5a00, and /fe72340daaf1af588be88056faf98965f39e6032), and pull the equivalent backport from your distribution (RHEL/Ubuntu/SUSE/Debian) once published. If patching must be deferred, mitigate by disabling or restricting kernel features that consume strparser - unload or avoid the kcm module, disable kTLS offload on exposed sockets, and avoid attaching BPF sockmap/sk_msg programs to internet-facing sockets - accepting that this will break any application relying on KCM, kernel TLS, or sockmap acceleration. As an additional compensating control, rate-limit or filter the upstream protocol traffic that can drive strparser into the timeout/abort path (e.g., enforce idle timeouts and connection caps at a front-end proxy), recognizing this only slows, rather than prevents, memory exhaustion by a determined attacker.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-46102 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy