CVE-2026-46039
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
In the Linux kernel, a potential integer overflow in the rxgk_extract_token() function when checking the length of the ticket has been fixed. Instead of rounding up the value to be tested, the size of the available data is rounded down.
Risk Assessment
The potential integer overflow could lead to unexpected system behavior, posing risks to system stability and security. Organizations should be aware that unpatched versions may be vulnerable to attacks exploiting this flaw.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability. Regular monitoring and updating of systems is crucial for maintaining security.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_token() when checking the length of the ticket. Rather than rounding up the value to be tested (which might overflow), round down the size of the available data.

