CVE-2026-45998
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-416
Utilización después de liberación
Fecha de publicación:
27/05/2026
Última modificación:
30/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
rxrpc: Fix potential UAF after skb_unshare() failure<br />
<br />
If skb_unshare() fails to unshare a packet due to allocation failure in<br />
rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread())<br />
will be NULL&#39;d out. This will likely cause the call to<br />
trace_rxrpc_rx_done() to oops.<br />
<br />
Fix this by moving the unsharing down to where rxrpc_input_call_event()<br />
calls rxrpc_input_call_packet(). There are a number of places prior to<br />
that where we ignore DATA packets for a variety of reasons (such as the<br />
call already being complete) for which an unshare is then avoided.<br />
<br />
And with that, rxrpc_input_packet() doesn&#39;t need to take a pointer to the<br />
pointer to the packet, so change that to just a pointer.
Impacto
Puntuación base 3.x
7.80
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (incluyendo) | 6.6.140 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (incluyendo) | 6.12.86 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (incluyendo) | 6.18.27 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (incluyendo) | 7.0.4 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/1f2740150f904bfa60e4bad74d65add3ccb5e7f8
- https://git.kernel.org/stable/c/8fde6296c4d4da2be7ab761305ab7f232b94eefd
- https://git.kernel.org/stable/c/996b0487b3cdda4c91811dbb1c9564626bc840bd
- https://git.kernel.org/stable/c/bf20f46d94f1db38e6ffc0ca204a5fe0de01b495
- https://git.kernel.org/stable/c/e3bf143b1e98fb3d6d9e6825bcd683974d478e8c
- https://access.redhat.com/security/cve/CVE-2026-45998
- https://bugzilla.redhat.com/show_bug.cgi?id=2482024
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45998.json



