CVE-2026-45998

Advisory lineage Upstream: 0 Downstream: 8

Downstream

DEBIAN-CVE-2026-45998 OPENSUSE-SU-2026:10954-1 UBUNTU-CVE-2026-45998 USN-8370-1 USN-8371-1 USN-8373-1

Awaiting Analysis

Published: 27 May 2026, 12:55

Last modified:14 Jun 2026, 17:47

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

0.17% LOW

0% probability +0.14%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 May 2026, 12:55

Published

Vulnerability first disclosed

14 Jun 2026, 17:47

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare() failure If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread()) will be NULL'd out. This will likely cause the call to trace_rxrpc_rx_done() to oops. Fix this by moving the unsharing down to where rxrpc_input_call_event() calls rxrpc_input_call_packet(). There are a number of places prior to that where we ignore DATA packets for a variety of reasons (such as the call already being complete) for which an unshare is then avoided. And with that, rxrpc_input_packet() doesn't need to take a pointer to the pointer to the packet, so change that to just a pointer.

EPSS Trends

Current EPSS score: 0.17%• Percentile: 6%

Affected Systems

linux•linux
≥ 2d1faf7a0ca3c0b327cf064c80e4e775532c9319, < e3bf143b1e98fb3d6d9e6825bcd683974d478e8c | ≥ 2d1faf7a0ca3c0b327cf064c80e4e775532c9319, < bf20f46d94f1db38e6ffc0ca204a5fe0de01b495 | ≥ 2d1faf7a0ca3c0b327cf064c80e4e775532c9319, < 996b0487b3cdda4c91811dbb1c9564626bc840bd | ≥ 2d1faf7a0ca3c0b327cf064c80e4e775532c9319, < 8fde6296c4d4da2be7ab761305ab7f232b94eefd | ≥ 2d1faf7a0ca3c0b327cf064c80e4e775532c9319, < 1f2740150f904bfa60e4bad74d65add3ccb5e7f8 | 6.2