Skip to main content

Linux Kernel EUVDEUVD-2026-32307

| CVE-2026-46010 HIGH
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-v639-25mx-rj6v
8.1
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 11:36 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
8.1 (HIGH)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
HIGH 8.1

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix error handling in rxgk_extract_token()

Fix a missing bit of error handling in rxgk_extract_token(): in the event that rxgk_decrypt_skb() returns -ENOMEM, it should just return that rather than continuing on (for anything else, it generates an abort).

AnalysisAI

Memory exhaustion handling flaw in the Linux kernel's rxrpc/rxgk subsystem allows network-adjacent attackers to potentially trigger unsafe code paths when rxgk_decrypt_skb() returns -ENOMEM during RxGSS-Kerberos token extraction. Affected kernels include the 6.17 series and specific commits in 6.16.9 onward, fixed in upstream commits and stable backports targeting 6.18.27 and 7.1-rc1. No public exploit identified at time of analysis, and EPSS is very low (0.02%) despite the 8.1 CVSS score.

Technical ContextAI

The vulnerability resides in net/rxrpc, the Linux kernel implementation of the RxRPC transport protocol used primarily by AFS (Andrew File System). Specifically, the rxgk_extract_token() function handles RxGK (RxRPC GSSAPI/Kerberos) authentication tokens and calls rxgk_decrypt_skb() to decrypt incoming socket buffers. The bug is a missing error-handling branch: when the decrypt helper returns -ENOMEM (out-of-memory), the caller should propagate that error immediately instead of treating it like other failures, which would otherwise generate an RxRPC abort message. Without a CWE assigned, the root cause class is best characterized as improper error handling (CWE-755-family) in a network-facing kernel cryptographic path, which can leave subsequent code operating on uninitialized or inconsistent state under memory pressure.

RemediationAI

Upgrade to a vendor-released patched kernel: 6.18.27, 7.0.4, or 7.1-rc1 or later, applying the upstream fixes at https://git.kernel.org/stable/c/293095ef618818852bac5488c1bc223935e2ca17, https://git.kernel.org/stable/c/3476c8bb960f48e49355d6f93fb7673211e0163f, and https://git.kernel.org/stable/c/c52803e925604e2a17962ab0c99dce2d3f7238db. For systems that cannot be rebooted immediately, the practical compensating control is to prevent the rxrpc module from being loaded or used: blacklist the rxrpc kernel module via /etc/modprobe.d (which disables AFS client/server functionality - a hard trade-off if AFS is in production), or restrict ingress to UDP/7000-7007 (the conventional AFS/RxRPC port range) at the host or network firewall so untrusted peers cannot deliver RxGK tokens. Avoid running AFS servers exposed to untrusted networks until the kernel is updated.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-32307 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy