DEBIAN-CVE-2026-45998

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2026-45998

Published: 27 May 2026, 14:17

Last modified:15 Jun 2026, 08:47

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 May 2026, 14:17

Published

Vulnerability first disclosed

15 Jun 2026, 08:47

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare() failure If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread()) will be NULL'd out. This will likely cause the call to trace_rxrpc_rx_done() to oops. Fix this by moving the unsharing down to where rxrpc_input_call_event() calls rxrpc_input_call_packet(). There are a number of places prior to that where we ignore DATA packets for a variety of reasons (such as the call already being complete) for which an unshare is then avoided. And with that, rxrpc_input_packet() doesn't need to take a pointer to the pointer to the packet, so change that to just a pointer.

Affected Systems

debian•linux
< 6.12.86-1 | < 7.0.4-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2026-45998