HIGH
rxrpc Token ENOMEM
CVE-2026-46010
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
KernelScan AI: 7.5 HIGH
01 Description
In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix error handling in rxgk_extract_token()

Fix a missing bit of error handling in rxgk_extract_token(): in the event that rxgk_decrypt_skb() returns -ENOMEM, it should just return that rather than continuing on (for anything else, it generates an abort).
02 KernelScan AI Analysis
Risk summary
Remote attackers can cause kernel crashes by sending RxRPC packets that trigger memory allocation failures in the rxgk token extraction path. The missing error handling causes execution to continue with undecrypted packet data, leading to invalid state processing and potential kernel panic.
Vulnerability analysis
The vulnerability occurs in rxgk_extract_token() where a missing return statement after rxgk_decrypt_skb() returns -ENOMEM allows execution to fall through to default_decode_ticket(). Instead of propagating the memory allocation error, the code continues operating on the undecrypted skb, which can lead to parsing invalid data and subsequent kernel instability or panic. The fix adds the missing 'return ret;' to properly abort the operation on -ENOMEM.
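The error-handling gap described above, as a user-space C model added here (not the kernel source or the patch itself). The branch shape is inferred from the description; struct pkt, the model_* stubs and extract_before()/extract_after() are hypothetical names, and the error values are constructed inputs.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model; hypothetical names, not kernel source. */
struct pkt {
    int  decrypt_result;     /* constructed: what the stubbed decrypt returns */
    bool decrypted;          /* true only after a successful decrypt */
    bool aborted;            /* true when the error path generated an abort */
    bool parsed_undecrypted; /* true if decoding ran on undecrypted data */
};

static int model_decrypt(struct pkt *p)
{
    p->decrypted = (p->decrypt_result == 0);
    return p->decrypt_result;
}

static int model_abort(struct pkt *p, int err) { p->aborted = true; return err; }
static int model_decode(struct pkt *p) { p->parsed_undecrypted = !p->decrypted; return 0; }

/* Before: -ENOMEM skips the abort but is never returned, so it falls through. */
static int extract_before(struct pkt *p)
{
    int ret = model_decrypt(p);
    if (ret < 0 && ret != -ENOMEM)
        return model_abort(p, ret);
    return model_decode(p);        /* also reached when ret == -ENOMEM */
}

/* After: -ENOMEM is propagated to the caller; other errors still abort. */
static int extract_after(struct pkt *p)
{
    int ret = model_decrypt(p);
    if (ret == -ENOMEM)
        return ret;                /* the added return */
    if (ret < 0)
        return model_abort(p, ret);
    return model_decode(p);
}

int main(void)
{
    struct pkt a = { .decrypt_result = -ENOMEM }, b = a;
    int ra = extract_before(&a), rb = extract_after(&b);
    printf("before: ret=%d parsed_undecrypted=%d\n", ra, a.parsed_undecrypted);
    printf("after:  ret=%d parsed_undecrypted=%d\n", rb, b.parsed_undecrypted);
    return 0;
}
```

In the model, the pre-fix path reports success to its caller even though decryption never happened, which is why the error is invisible further up the call chain.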
03 Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 6.17 | 6.17 | 293095ef6188 |
| 6.18 | 6.18.27 | c52803e92560 |
| 7.0 | 7.0.4 | 3476c8bb960f |
| mainline | 7.1-rc1 | — |