CVSS 9.8 · CRITICAL

CVE-2026-46039

Analysis

A critical vulnerability has been identified in the Linux kernel's RxGK security layer. An integer overflow in length checks during token extraction could lead to memory corruption, posing a significant risk to systems utilizing RX RPC services or AFS.

Severity

Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH

EPSS

Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 12.6%
EPSS: 2026-05-30

Technical description

In the Linux kernel, the following vulnerability has been resolved:

rxgk: Fix potential integer overflow in length check

Fix potential integer overflow in rxgk_extract_token() when checking the length of the ticket. Rather than rounding up the value to be tested (which might overflow), round down the size of the available data.
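The two forms of the length check described above, side by side, as an added illustration that is not the kernel's code. The 32-bit length type, the 4-byte padding unit and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAD 4u /* assumed padding unit; not taken from the kernel source */

/* Wrap-prone form: rounds the untrusted length up before comparing. */
static bool len_ok_round_up(uint32_t ticket_len, uint32_t avail)
{
    uint32_t padded = (ticket_len + (PAD - 1)) & ~(PAD - 1); /* can wrap to 0 */
    return padded <= avail;
}

/* Hardened form: rounds the locally known available size down instead. */
static bool len_ok_round_down(uint32_t ticket_len, uint32_t avail)
{
    uint32_t usable = avail & ~(PAD - 1); /* clearing low bits cannot overflow */
    return ticket_len <= usable;
}

/* Counts inputs in [0, max] x [0, max] on which the two checks disagree. */
static unsigned count_disagreements(uint32_t max)
{
    unsigned n = 0;
    for (uint32_t len = 0; len <= max; len++)
        for (uint32_t avail = 0; avail <= max; avail++)
            n += len_ok_round_up(len, avail) != len_ok_round_down(len, avail);
    return n;
}

int main(void)
{
    /* Constructed sample inputs: {claimed ticket length, bytes available}. */
    static const uint32_t samples[][2] = {
        { 16, 64 }, { 62, 64 }, { 65, 64 }, { 0xFFFFFFFDu, 64 },
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("len=%#x avail=%u round_up=%s round_down=%s\n",
               (unsigned)samples[i][0], (unsigned)samples[i][1],
               len_ok_round_up(samples[i][0], samples[i][1]) ? "accept" : "reject",
               len_ok_round_down(samples[i][0], samples[i][1]) ? "accept" : "reject");
    printf("disagreements for small values: %u\n", count_disagreements(256));
    return 0;
}
```

The checks agree on every non-wrapping input and differ only when the claimed length is within `PAD - 1` of `UINT32_MAX`, where the rounded-up value wraps to 0 and passes the comparison.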

Published: 5/27/2026, 2:17:23 PM
Last modified: 5/30/2026, 11:17:19 AM
