CVE Catalog

CVE-2026-46000

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A vulnerability related to RESPONSE packet handling at the connection level has been fixed in the Linux kernel. Security issues could lead to decrypted packet data being exposed to packet sniffers.

Risk Assessment

Organizations may be at risk of sensitive information leakage, potentially compromising data confidentiality. The exposure of decrypted packets could allow attackers to analyze network traffic.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability. Additionally, network traffic should be monitored for potential sniffing attempts.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix conn-level packet handling to unshare RESPONSE packets The security operations that verify the RESPONSE packets decrypt bits of it in place - however, the sk_buff may be shared with a packet sniffer, which would lead to the sniffer seeing an apparently corrupt packet (actually decrypted). Fix this by handing a copy of the packet off to the specific security handler if the packet was cloned.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS