CVE-2026-45988
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
A vulnerability related to the re-decryption of RESPONSE packets has been fixed in the Linux kernel. If a RESPONSE packet encounters a temporary failure during processing, it may end up in a partially decrypted state and be requeued for retry.
Risk Assessment
This vulnerability may lead to improper packet processing, potentially affecting the stability and security of communication within the system. In the event of an attack, it could allow unauthorized access to data.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability. Additionally, monitor system logs for potential attempts to exploit this flaw.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just discarding the packet; we will send another CHALLENGE packet and thereby elicit a further response. Similarly, discard an incoming CHALLENGE packet if we get an error whilst generating a RESPONSE; the server will send another CHALLENGE.

