Description
In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix re-decryption of RESPONSE packets

If a RESPONSE packet gets a temporary failure during processing, it may end
up in a partially decrypted state - and then get requeued for a retry.

Fix this by just discarding the packet; we will send another CHALLENGE
packet and thereby elicit a further response. Similarly, discard an
incoming CHALLENGE packet if we get an error whilst generating a RESPONSE;
the server will send another CHALLENGE.
Published: 2026-05-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is in the Linux kernel's rxrpc protocol implementation. A temporary failure while processing a RESPONSE packet can leave the packet partially decrypted, and the kernel would then requeue it for a retry, potentially allowing an attacker to observe incomplete cryptographic material. This flaw represents a CWE-372 weakness where incomplete removal of partially decrypted data could lead to information leakage. The patch discards the packet and initiates a fresh challenge/response exchange, which removes the possibility of re-decrypting partially decrypted data. No confirmed information disclosure has been reported.

Affected Systems

All releases of the Linux kernel that implement the rxrpc protocol are affected; the advisory lists the entire Linux kernel family with no specific version ranges, so administrators should verify their kernel version and apply the patch when available.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity, while the EPSS score of <1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is network-based, with an adversary sending or manipulating rxrpc packets to trigger a temporary failure. Because no exploit has been publicly documented and the flaw only exposes partially decrypted data, the concrete risk to confidentiality, integrity, or availability remains uncertain, yet the high severity warrants timely remediation.

Generated by OpenCVE AI on May 30, 2026 at 14:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the rxrpc decryption patch
  • If an update cannot be applied immediately, block or restrict rxrpc traffic on unused network interfaces or disable the service through firewall rules or module blacklisting
  • Enable kernel auditing for rxrpc errors and monitor logs for repeated decryption failures, limiting retry attempts where possible to prevent exposure of incomplete data

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics
  Values Removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 28 May 2026 05:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-327

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-372
References
Metrics
  Values Removed: threat_severity None
  Values Added: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}; threat_severity Moderate


Wed, 27 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-327

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just discarding the packet; we will send another CHALLENGE packet and thereby elicit a further response. Similarly, discard an incoming CHALLENGE packet if we get an error whilst generating a RESPONSE; the server will send another CHALLENGE.
Title rxrpc: Fix re-decryption of RESPONSE packets
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:46:40.196Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45988

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-27T14:17:16.270

Modified: 2026-06-16T13:53:39.020

Link: CVE-2026-45988

Redhat

Severity: Moderate

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45988 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-30T14:30:25Z

Weaknesses