Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-45988: Linux kernel rxrpc decryption fix prevents packet re-use

CVE-2026-45988

Summary

A fix has been made in the Linux kernel to prevent temporary packets from being re-used. This prevents potential security risks and data corruption. Linux kernel users should ensure they have the latest updates installed.

Original title

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in ...

Original description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix re-decryption of RESPONSE packets

If a RESPONSE packet gets a temporary failure during processing, it may end
up in a partially decrypted state - and then get requeued for a retry.

Fix this by just discarding the packet; we will send another CHALLENGE
packet and thereby elicit a further response. Similarly, discard an
incoming CHALLENGE packet if we get an error whilst generating a RESPONSE;
the server will send another CHALLENGE.

nvd CVSS3.1 9.8

Published: 27 May 2026 · Updated: 31 May 2026 · First seen: 30 May 2026