Description
In the Linux kernel, the following vulnerability has been resolved:

net: strparser: fix skb_head leak in strp_abort_strp()

When the stream parser is aborted, for example after a message assembly timeout,
it can still hold a reference to a partially assembled message in
strp->skb_head.

That skb is not released in strp_abort_strp(), which leaks the partially
assembled message and can be triggered repeatedly to exhaust memory.

Fix this by freeing strp->skb_head and resetting the parser state in the
abort path. Leave strp_stop() unchanged so final cleanup still happens in
strp_done() after the work and timer have been synchronized.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper memory management flaw exists in the Linux kernel’s stream parser. When a stream is aborted—such as after a message assembly timeout—the parser may keep a reference to a partially assembled packet in the skb_head field. That skb is never released, resulting in a cumulative memory leak. Repeated aborts can deplete system memory, leading to a denial of service. The weakness maps to CWE‑772 (Missing Release of Resource).
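To make the leak concrete, here is an added userland model of the abort path the advisory describes; it is not the kernel's code. `struct skb`, `skb_alloc()` and `skb_free()` stand in for `sk_buff`/`kfree_skb()`, a counter of live allocations makes the leak observable, and `strp_recv_partial()`, `strp_abort_strp_leaky()` and `live_skbs_after_aborts()` are names invented for the model. The pre-fix abort stops the parser but leaves `skb_head` alone; the fixed abort frees it and resets the state, and `strp_done()` is kept as the unchanged final cleanup.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for sk_buff: live_skbs counts allocations so a
 * leaked partial message shows up as a non-zero count. */
static int live_skbs;

struct skb {
    size_t len;
    unsigned char data[64];
};

static struct skb *skb_alloc(const unsigned char *buf, size_t len)
{
    struct skb *s = calloc(1, sizeof *s);
    if (!s)
        return NULL;
    if (len > sizeof s->data)
        len = sizeof s->data;
    memcpy(s->data, buf, len);
    s->len = len;
    live_skbs++;
    return s;
}

static void skb_free(struct skb *s)      /* models kfree_skb(): NULL is a no-op */
{
    if (!s)
        return;
    free(s);
    live_skbs--;
}

/* Only the parser fields the advisory mentions. */
struct strparser {
    struct skb *skb_head;   /* partially assembled message, or NULL */
    size_t need_bytes;      /* bytes still missing for that message */
    int stopped;
};

/* First fragment of a msg_len-byte message arrived; park it in skb_head
 * until the rest shows up or the assembly timer fires. */
static void strp_recv_partial(struct strparser *strp, const unsigned char *frag,
                              size_t frag_len, size_t msg_len)
{
    strp->skb_head = skb_alloc(frag, frag_len);
    strp->need_bytes = msg_len > frag_len ? msg_len - frag_len : 0;
}

/* Pre-fix abort (model): the parser is stopped, skb_head is left alone. */
static void strp_abort_strp_leaky(struct strparser *strp)
{
    if (strp->stopped)
        return;
    strp->stopped = 1;
}

/* Fixed abort as the commit message describes it: free the partial message
 * and reset the parser state in the abort path itself. Clearing skb_head is
 * what keeps the later strp_done() from freeing it a second time. */
static void strp_abort_strp_fixed(struct strparser *strp)
{
    if (strp->stopped)
        return;
    strp->stopped = 1;
    skb_free(strp->skb_head);
    strp->skb_head = NULL;
    strp->need_bytes = 0;
}

/* Final cleanup, unchanged by the fix: whatever is still parked is freed. */
static void strp_done(struct strparser *strp)
{
    skb_free(strp->skb_head);
    strp->skb_head = NULL;
}

/* Simulate n assembly timeouts, each aborting a parser that holds a partial
 * message, and report how many skbs are still live. No strp_done() is run,
 * matching the advisory's point that the abort path alone released nothing. */
static int live_skbs_after_aborts(int n, int use_fixed)
{
    static const unsigned char frag[] = "partial";   /* constructed fragment */
    live_skbs = 0;
    for (int i = 0; i < n; i++) {
        struct strparser strp = {0};
        strp_recv_partial(&strp, frag, sizeof frag - 1, 1024);
        if (use_fixed)
            strp_abort_strp_fixed(&strp);
        else
            strp_abort_strp_leaky(&strp);
        /* the parser object goes away; a leaked skb_head is now unreachable */
    }
    return live_skbs;
}

/* Abort followed by the unchanged strp_done(): both variants end at zero. */
static int live_skbs_after_abort_then_done(int use_fixed)
{
    static const unsigned char frag[] = "partial";   /* constructed fragment */
    struct strparser strp = {0};
    live_skbs = 0;
    strp_recv_partial(&strp, frag, sizeof frag - 1, 1024);
    if (use_fixed)
        strp_abort_strp_fixed(&strp);
    else
        strp_abort_strp_leaky(&strp);
    strp_done(&strp);
    return live_skbs;
}

int main(void)
{
    printf("leaky abort x1000: %d skbs still live\n", live_skbs_after_aborts(1000, 0));
    printf("fixed abort x1000: %d skbs still live\n", live_skbs_after_aborts(1000, 1));
    printf("leaky abort + strp_done: %d\n", live_skbs_after_abort_then_done(0));
    return 0;
}
```

The two counters are the whole story: every timeout that ends in the pre-fix abort leaves one partial message live, so the count grows with the number of aborts, while the fixed abort returns the count to zero each time. The explicit `skb_head = NULL` after the free is not cosmetic; it is what lets `strp_done()` stay unchanged without turning into a double free.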

Affected Systems

The flaw resides in the generic net/strparser component of the Linux kernel and therefore affects all builds that include this code. No vendor-specific or version-specific restrictions are listed. Any kernel version that predates the inclusion of the patch commit 19ca9475f18f991735f98a22e735c43e95e6298d is potentially vulnerable.

Risk and Exploitability

The CVSS score is 5.5 and no EPSS data are available, indicating that the likelihood of exploitation is not quantified by public sources. The vulnerability is not listed in the CISA KEV catalog, so no widespread, known exploitation cases exist. The attack vector would be remote network traffic that triggers stream parsing aborts—an attacker could send malformed packets or craft streams that time out, repeatedly exercising the leak path. In environments where services expose the stream parser to untrusted traffic and lack strict rate limiting, the risk could be moderate to high, especially if the system has limited memory resources.

Generated by OpenCVE AI on May 28, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that incorporates the fix found in commit 19ca9475f18f991735f98a22e735c43e95e6298d, which releases skb_head during stream parser aborts.
  • Restrict or disable network services that rely heavily on the stream parser from receiving untrusted traffic until a kernel update can be applied.
  • Implement network traffic shaping or connection throttling to limit repeated abort attempts and mitigate memory exhaustion while a patch is pending.

Generated by OpenCVE AI on May 28, 2026 at 04:20 UTC.

Advisories

No advisories yet.

History

Thu, 28 May 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 27 May 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp->skb_head. That skb is not released in strp_abort_strp(), which leaks the partially assembled message and can be triggered repeatedly to exhaust memory. Fix this by freeing strp->skb_head and resetting the parser state in the abort path. Leave strp_stop() unchanged so final cleanup still happens in strp_done() after the work and timer have been synchronized.
Title net: strparser: fix skb_head leak in strp_abort_strp()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:59:09.526Z

Reserved: 2026-05-13T15:03:33.097Z

Link: CVE-2026-46102

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:32.323

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46102

Redhat

Severity : Moderate

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46102 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T04:30:06Z

Weaknesses