Home

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpc_input_soft_acks() and a potential incorrect access of the buffer in a fragmented UDP packet (the packet would probably have to be deliberately pre-generated as fragmented) when AF_RXRPC tries to extract the contents of the SACK table by copying out the contents of the SACK table into a buffer before attempting to parse AF_RXRPC assumes that it can just call skb_condense() and then validly access the SACK table from skb->data and that it will be a flat buffer - but skb_condense() can silently fail to do anything under some circumstances. Note that whilst rxrpc_input_soft_acks() should be able to parse extended ACKs, the rest of AF_RXRPC doesn't currently support that. Further, there's then no need to call skb_condense() in rxrpc_input_ack(), so don't.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-25 | Updated 2026-06-25 | Assigner Linux

Product status

Default status
unaffected

d57a3a151660902091491ac2633134e1be92557f (git) before 566c4c1244de50fbff1f89ff93c9d7b0fc256db4
affected

d57a3a151660902091491ac2633134e1be92557f (git) before 224298450be5c04d2a6ea1c2a94669d7ebf65d00
affected

d57a3a151660902091491ac2633134e1be92557f (git) before 333b6d5bb9f87827ac2639c737bf9613dbae7253
affected

Default status
affected

6.2
affected

Any version before 6.2
unaffected

6.18.36 (semver)
unaffected

7.0.13 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/566c4c1244de50fbff1f89ff93c9d7b0fc256db4

git.kernel.org/...c/224298450be5c04d2a6ea1c2a94669d7ebf65d00

git.kernel.org/...c/333b6d5bb9f87827ac2639c737bf9613dbae7253

cve.org (CVE-2026-53151)

nvd.nist.gov (CVE-2026-53151)

Download JSON