Skip to main content

Linux Kernel EUVDEUVD-2026-32468

| CVE-2026-46085 HIGH
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-rxpw-r754-hvr4
7.5
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 11:45 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
7.5 (HIGH)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix rxkad crypto unalignment handling

Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARN_ON_ONCE() so that it can't be remotely triggered (a trace line can still be emitted).

AnalysisAI

Remote denial-of-service in the Linux kernel rxrpc subsystem (rxkad authentication) allows unauthenticated network attackers to crash vulnerable hosts by sending packets with misaligned crypto length fields. The flaw stems from improper handling of decryption errors and a remotely-triggerable WARN_ON_ONCE() in the rxkad packet processing path. EPSS scoring is very low (0.02%) and no public exploit identified at time of analysis, but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) rating reflects the unauthenticated remote availability impact.

Technical ContextAI

The vulnerability resides in net/rxrpc, the in-kernel implementation of the RxRPC transport protocol used by AFS (Andrew File System) and Kerberos-style authenticated RPC. Specifically, the rxkad module performs Kerberos v4-style encryption of RPC payloads; when a packet arrives with a crypto length that is not properly aligned to the cipher block size, the decryption path mishandles the condition. Additionally, non-ENOMEM decryption errors were not aborting the connection cleanly, and a WARN_ON_ONCE() macro could be reached via attacker-controlled input - emitting a kernel warning splat (and potentially panicking systems configured with panic_on_warn). No CWE was assigned, but the pattern fits CWE-1284 (improper validation of specified quantity in input) combined with CWE-754 (improper check for unusual conditions).

RemediationAI

Vendor-released patch: upgrade to Linux 6.6.140, 6.12.86, 6.18.27, 7.0.4, or 7.1-rc1 (or later) depending on your stable branch, applying the upstream commits referenced at https://git.kernel.org/stable/c/440d20d95e844b657a93a0b2dcc2aae155efdce6 and the four sibling commits. Distribution users should track their vendor's kernel security updates (RHEL, Ubuntu, SUSE, Debian advisories). If immediate patching is not possible, the most effective compensating control is to restrict network exposure of the rxrpc transport: block UDP port 7000-7009 (AFS/rxrpc range) at perimeter and host firewalls for any host not actively serving AFS clients, and unload the rxrpc and rxkad kernel modules (modprobe -r rxkad rxrpc) on systems that do not require them - side effect: this breaks OpenAFS clients and any kAFS mounts. On systems with panic_on_warn=1, temporarily disabling that sysctl reduces the impact from kernel panic to a logged warning, at the cost of weakening crash-on-fault hardening for other bugs.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-32468 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy