Description
In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix re-decryption of RESPONSE packets

If a RESPONSE packet gets a temporary failure during processing, it may end
up in a partially decrypted state - and then get requeued for a retry.

Fix this by just discarding the packet; we will send another CHALLENGE
packet and thereby elicit a further response. Similarly, discard an
incoming CHALLENGE packet if we get an error whilst generating a RESPONSE;
the server will send another CHALLENGE.
Published: 2026-05-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability relates to the rxrpc protocol implementation in the Linux kernel. When a RESPONSE packet encounters a temporary failure, the packet may be only partially decrypted before it is requeued for retry. The incomplete decryption state can leak fragments of cryptographic material, thereby exposing sensitive information to an eavesdropper. The weakness is a CWE‑372 improper handling of partially processed data, which can lead to information disclosure.

Affected Systems

All Linux kernel releases that incorporate the rxrpc protocol are potentially affected because the advisory covers the entire kernel family with no explicit version ranges. Administrators should verify the kernel version in use and apply a kernel update that includes the rxrpc decryption patch when available.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. The EPSS score of <1% suggests that exploitation is unlikely but not impossible. The vulnerability is not listed in CISA KEV. The likely attack vector is network‑based, inferred from the fact that rxrpc packets traverse the network; an attacker could send malformed or manipulated rxrpc packets to trigger the temporary failure and cause the kernel to incorrectly re‑decrypt a partially processed packet. Although no public exploit exists, the high severity and potential for information leakage warrant prompt remediation.

Generated by OpenCVE AI on June 18, 2026 at 02:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a patched release that includes the rxrpc decryption fix.
  • If an immediate kernel upgrade is not feasible, block or restrict rxrpc traffic on unused network interfaces or disable the service through firewall rules or by blacklisting the rxrpc module.
  • Enable kernel auditing for rxrpc errors and monitor logs for repeated decryption failures, and consider tightening retry limits to reduce exposure of partially decrypted data.

Generated by OpenCVE AI on June 18, 2026 at 02:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8488-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8489-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-8490-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8491-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-8492-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8493-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8488-2 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-8492-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8493-2 Linux kernel (Oracle) vulnerabilities
Ubuntu USN Ubuntu USN USN-8497-1 Linux kernel (Low Latency) vulnerabilities
Ubuntu USN Ubuntu USN USN-8498-1 Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN Ubuntu USN USN-8499-1 Linux kernel (Xilinx) vulnerabilities
Ubuntu USN Ubuntu USN USN-8501-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8507-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8508-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8492-3 Linux kernel (Raspberry Pi Real-time) vulnerabilities
History

Tue, 16 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 28 May 2026 05:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-327

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-372
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 27 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-327

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just discarding the packet; we will send another CHALLENGE packet and thereby elicit a further response. Similarly, discard an incoming CHALLENGE packet if we get an error whilst generating a RESPONSE; the server will send another CHALLENGE.
Title rxrpc: Fix re-decryption of RESPONSE packets
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:46:40.196Z

Reserved: 2026-05-13T15:03:33.090Z

Link: CVE-2026-45988

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:16.270

Modified: 2026-06-17T10:52:51.390

Link: CVE-2026-45988

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45988 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T02:30:15Z

Weaknesses