Skip to main content

Linux Kernel EUVDEUVD-2026-32284

| CVE-2026-45988 CRITICAL
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-prrp-jq4x-wwq4
Critical
Disputed · 9.8 Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Sources disagree (Medium–Critical)
Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
5.5 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 11:34 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
9.8 (CRITICAL)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
CRITICAL 9.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix re-decryption of RESPONSE packets

If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry.

Fix this by just discarding the packet; we will send another CHALLENGE packet and thereby elicit a further response. Similarly, discard an incoming CHALLENGE packet if we get an error whilst generating a RESPONSE; the server will send another CHALLENGE.

AnalysisAI

Improper handling of failed RESPONSE packet decryption in the Linux kernel's rxrpc subsystem can leave packets in a partially decrypted state when requeued for retry after a temporary processing failure. The flaw affects multiple Linux kernel branches and was resolved upstream by discarding such packets and relying on the CHALLENGE/RESPONSE re-handshake. No public exploit identified at time of analysis, and EPSS scoring (0.02%, 5th percentile) indicates very low real-world exploitation probability despite the high CVSS rating.

Technical ContextAI

The vulnerability resides in net/rxrpc, the kernel implementation of the RxRPC transport protocol historically used by AFS (Andrew File System) and Kerberos-style authentication exchanges. The RxRPC authentication handshake uses CHALLENGE and RESPONSE packets that are cryptographically processed; if RESPONSE decryption encounters a temporary failure (e.g., memory pressure or transient resource exhaustion), the existing code retained the half-processed packet and requeued it, potentially leading to inconsistent cryptographic state. The fix, landed across stable branches per the kernel.org commits referenced, discards partially processed CHALLENGE/RESPONSE packets so the peer simply retransmits a fresh CHALLENGE. No CWE was assigned, but the bug class aligns with improper state management during cryptographic processing (CWE-755-adjacent).

RemediationAI

Vendor-released patches are available: upgrade to Linux kernel 6.6.140, 6.12.86, 6.18.27, 7.0.4, or 7.1-rc1 (or any later release on those branches) using the stable commits referenced at https://git.kernel.org/stable/c/d61482be4aae1835b78875761206241835a7510e and the companion commits listed in the references. If a kernel upgrade cannot be scheduled, the most effective compensating control is to disable or unload the rxrpc module (modprobe -r rxrpc and blacklist in /etc/modprobe.d/) on hosts that do not require AFS or kAFS - the trade-off is loss of in-kernel AFS client/server functionality, which is acceptable for the vast majority of servers and workstations. Distribution-specific advisories should be consulted as they ship backports (Red Hat, SUSE, Ubuntu, Debian).

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-32284 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy