Impact
This vulnerability relates to the rxrpc protocol implementation in the Linux kernel. When a RESPONSE packet encounters a temporary failure, the packet may be only partially decrypted before it is requeued for retry. The incomplete decryption state can leak fragments of cryptographic material, thereby exposing sensitive information to an eavesdropper. The weakness is a CWE‑372 improper handling of partially processed data, which can lead to information disclosure.
Affected Systems
All Linux kernel releases that incorporate the rxrpc protocol are potentially affected because the advisory covers the entire kernel family with no explicit version ranges. Administrators should verify the kernel version in use and apply a kernel update that includes the rxrpc decryption patch when available.
Risk and Exploitability
The CVSS score of 9.8 indicates critical severity. The EPSS score of <1% suggests that exploitation is unlikely but not impossible. The vulnerability is not listed in CISA KEV. The likely attack vector is network‑based, inferred from the fact that rxrpc packets traverse the network; an attacker could send malformed or manipulated rxrpc packets to trigger the temporary failure and cause the kernel to incorrectly re‑decrypt a partially processed packet. Although no public exploit exists, the high severity and potential for information leakage warrant prompt remediation.
OpenCVE Enrichment
Ubuntu USN