CVSS 9.8 · CRITICAL

CVE-2026-46039

In the Linux kernel, the following vulnerability has been resolved:

rxgk: Fix potential integer overflow in length check

Fix potential integer overflow in rxgk_extract_token() when checking the length of the ticket. Rather than rounding up the value to be tested (which might overflow), round down the size of the available data.


Analysis

A critical vulnerability has been identified in the Linux kernel's RxGK security layer. An integer overflow in length checks during token extraction could lead to memory corruption, posing a significant risk to systems utilizing RX RPC services or AFS.

Severity

Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH

EPSS

Exploitation probability (next 30 days): 0.0004 (0.0%)
Percentile: 12.6%
EPSS: 2026-05-30

Technical description

In the Linux kernel, the following vulnerability has been resolved:

rxgk: Fix potential integer overflow in length check

Fix potential integer overflow in rxgk_extract_token() when checking the length of the ticket. Rather than rounding up the value to be tested (which might overflow), round down the size of the available data.
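The two forms of length check that the description contrasts, as an added illustration that is not the kernel's rxgk code. The function names, the 32-bit length type and the 4-byte rounding unit are assumptions made for the example; the page does not state them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 4-byte (XDR-style) padding; the page does not state the unit. */
#define PAD 4u

static uint32_t round_up_pad(uint32_t x)   { return (x + (PAD - 1)) & ~(PAD - 1); }
static uint32_t round_down_pad(uint32_t x) { return x & ~(PAD - 1); }

/* Overflow-prone form: rounds up the untrusted length before comparing.
 * For lengths within PAD-1 of UINT32_MAX the addition wraps to a small value. */
static bool check_round_up(uint32_t ticket_len, uint32_t avail)
{
    return round_up_pad(ticket_len) <= avail;
}

/* Form the fix describes: round down the size of the available data,
 * leaving the untrusted length untouched so nothing can wrap. */
static bool check_round_down(uint32_t ticket_len, uint32_t avail)
{
    return ticket_len <= round_down_pad(avail);
}

/* Count (len, avail) pairs below `limit` where the two checks disagree;
 * for lengths that cannot wrap they should accept exactly the same inputs. */
static unsigned count_disagreements(uint32_t limit)
{
    unsigned n = 0;
    for (uint32_t len = 0; len < limit; len++)
        for (uint32_t avail = 0; avail < limit; avail++)
            n += check_round_up(len, avail) != check_round_down(len, avail);
    return n;
}

int main(void)
{
    uint32_t huge = UINT32_MAX - 1;   /* constructed out-of-range length field */
    uint32_t avail = 64;              /* constructed: bytes left in the buffer */

    printf("round-up check accepts:   %d\n", check_round_up(huge, avail));
    printf("round-down check accepts: %d\n", check_round_down(huge, avail));
    printf("disagreements for small values: %u\n", count_disagreements(256));
    return 0;
}
```

For every length that cannot wrap, the two checks accept the same inputs, so moving the rounding to the available size changes behaviour only for the out-of-range lengths.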

Published: 27/5/2026, 14:17:23
Last modified: 30/5/2026, 11:17:19
