CVE Catalog

CVE-2026-46039

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

35th percentile — higher than 35% of all known CVEs

Summary

In the Linux kernel, a potential integer overflow in the rxgk_extract_token() function when checking the length of the ticket has been fixed. Instead of rounding up the value to be tested, the size of the available data is rounded down.

Risk Assessment

The potential integer overflow could lead to unexpected system behavior, posing risks to system stability and security. Organizations should be aware that unpatched versions may be vulnerable to attacks exploiting this flaw.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability. Regular monitoring and updating of systems is crucial for maintaining security.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_token() when checking the length of the ticket. Rather than rounding up the value to be tested (which might overflow), round down the size of the available data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS