Description
In the Linux kernel, the following vulnerability has been resolved:

rxgk: Fix potential integer overflow in length check

Fix potential integer overflow in rxgk_extract_token() when checking the
length of the ticket. Rather than rounding up the value to be tested
(which might overflow), round down the size of the available data.
Published: 2026-05-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel contains an integer overflow in the rxgk_extract_token() function that occurs when calculating the length of a ticket. The original code rounded the value up for the check, which could exceed the limits of the provided data and corrupt kernel memory. The patch changes the logic to round the size down, eliminating the overflow.
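The check pattern named in the description, shown as an added illustration; this is not the kernel's rxgk code. The 32-bit length type, the 4-byte alignment unit, and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed alignment unit for this illustration (not taken from the page). */
#define ALIGN_UNIT 4u

static uint32_t round_up_u32(uint32_t v)
{
    /* v + 3 wraps modulo 2^32 when v is within 3 of UINT32_MAX. */
    return (v + (ALIGN_UNIT - 1)) & ~(ALIGN_UNIT - 1);
}

static uint32_t round_down_u32(uint32_t v)
{
    return v & ~(ALIGN_UNIT - 1);
}

/* "Before" pattern: round up the untrusted length, then compare. */
bool length_ok_round_up(uint32_t ticket_len, uint32_t avail)
{
    return round_up_u32(ticket_len) <= avail;
}

/* "After" pattern: round down the available size instead. For lengths that
 * do not wrap, both checks give the same answer; this one cannot overflow. */
bool length_ok_round_down(uint32_t ticket_len, uint32_t avail)
{
    return ticket_len <= round_down_u32(avail);
}

int main(void)
{
    /* Constructed sample inputs: { claimed ticket length, bytes available }. */
    static const uint32_t cases[][2] = {
        { 16, 64 }, { 61, 64 }, { 62, 63 }, { 65, 64 }, { 0xFFFFFFFDu, 64 },
    };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("len=%#010x avail=%u round_up_check=%d round_down_check=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               length_ok_round_up(cases[i][0], cases[i][1]),
               length_ok_round_down(cases[i][0], cases[i][1]));
    return 0;
}
```

Only the last constructed case differs between the two checks: the rounded-up length wraps to 0 and is accepted, while the round-down form rejects it.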

Affected Systems

All Linux kernel installations that include the rxgk module and have not yet applied the patch are affected. No specific kernel versions are listed, so any kernel released before the fix should be considered vulnerable until verified otherwise.

Risk and Exploitability

The advisory assigns a CVSS score of 9.8, indicating significant impact. The EPSS score of 0.00017 reflects a very low but nonzero probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. No public exploits are known, so the risk remains largely theoretical. The attack would require delivering a crafted input to the rxgk module, but the necessary conditions and confidence of exploitation are not detailed.

Generated by OpenCVE AI on May 30, 2026 at 13:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the rxgk integer overflow fix
  • Replace or rebuild any custom rxgk modules from vendor-patched sources
  • Monitor system logs and kernel crash dumps for signs of memory corruption or unexpected panics

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.17:rc7:*:*:*:*:*:*

Sat, 30 May 2026 11:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 28 May 2026 00:15:00 +0000

Type: References
Type: Metrics
Values Removed: threat_severity None
Values Added: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}; threat_severity Moderate


Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_token() when checking the length of the ticket. Rather than rounding up the value to be tested (which might overflow), round down the size of the available data.
Title rxgk: Fix potential integer overflow in length check
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:49:53.080Z

Reserved: 2026-05-13T15:03:33.093Z

Link: CVE-2026-46039

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-27T14:17:23.263

Modified: 2026-06-16T15:16:08.880

Link: CVE-2026-46039

Redhat

Severity : Moderate

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46039 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-30T13:30:24Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound