Vulnerability Details CVE-2026-46085
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix rxkad crypto unalignment handling
Fix handling of a packet with a misaligned crypto length. Also handle
non-ENOMEM errors from decryption by aborting. Further, remove the
WARN_ON_ONCE() so that it can't be remotely triggered (a trace line can
still be emitted).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 35.3%
CVSS Severity
CVSS v3 Score 7.5
References
- https://git.kernel.org/stable/c/440d20d95e844b657a93a0b2dcc2aae155efdce6
- https://git.kernel.org/stable/c/af9271eb666d07b6f65612dc160a47f7cb5220ed
- https://git.kernel.org/stable/c/def304aae2edf321d2671fd6ca766a93c21f877e
- https://git.kernel.org/stable/c/f0d3efd03b2a9e0f1ffa6df8fcb264af3d494286
- https://git.kernel.org/stable/c/f1c6bd0cc786a8fa74829ce3c4b3673944a308f4
Products affected by CVE-2026-46085
-
cpe:2.3:o:linux:linux_kernel:6.12.82
-
cpe:2.3:o:linux:linux_kernel:6.12.83
-
cpe:2.3:o:linux:linux_kernel:6.12.84
-
cpe:2.3:o:linux:linux_kernel:6.12.85
-
cpe:2.3:o:linux:linux_kernel:6.18.23
-
cpe:2.3:o:linux:linux_kernel:6.18.24
-
cpe:2.3:o:linux:linux_kernel:6.18.25
-
cpe:2.3:o:linux:linux_kernel:6.18.26
-
cpe:2.3:o:linux:linux_kernel:6.19.13
-
cpe:2.3:o:linux:linux_kernel:6.19.14
-
cpe:2.3:o:linux:linux_kernel:6.6.135
-
cpe:2.3:o:linux:linux_kernel:6.6.136
-
cpe:2.3:o:linux:linux_kernel:6.6.137
-
cpe:2.3:o:linux:linux_kernel:6.6.138
-
cpe:2.3:o:linux:linux_kernel:7.0
-
cpe:2.3:o:linux:linux_kernel:7.0.1
-
cpe:2.3:o:linux:linux_kernel:7.0.2
-
cpe:2.3:o:linux:linux_kernel:7.0.3