CVE-2026-45988

Source
https://cve.org/CVERecord?id=CVE-2026-45988
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45988.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45988
Downstream
Related
Published
2026-05-27T12:55:39.740Z
Modified
2026-06-18T03:57:42.808307341Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
rxrpc: Fix re-decryption of RESPONSE packets
Details

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix re-decryption of RESPONSE packets

If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry.

Fix this by just discarding the packet; we will send another CHALLENGE packet and thereby elicit a further response. Similarly, discard an incoming CHALLENGE packet if we get an error whilst generating a RESPONSE; the server will send another CHALLENGE.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45988.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
17926a79320afa9b95df6b977b40cca6d8713cea
Fixed
d61482be4aae1835b78875761206241835a7510e
Fixed
7b89868305052b94a91b708c462bc2281fa42a4a
Fixed
76cb9a2d252274adfae6e293a292434631a7d472
Fixed
f55b383070170e988e4dec28be2af1714d258521
Fixed
0422e7a4883f25101903f3e8105c0808aa5f4ce9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45988.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.22
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45988.json"