{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53151","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.388Z","datePublished":"2026-06-25T08:38:36.187Z","dateUpdated":"2026-07-04T11:50:54.212Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-07-04T11:50:54.212Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix the ACK parser to extract the SACK table for parsing\n\nFix modification of the received skbuff in rxrpc_input_soft_acks() and a\npotential incorrect access of the buffer in a fragmented UDP packet (the\npacket would probably have to be deliberately pre-generated as fragmented)\nwhen AF_RXRPC tries to extract the contents of the SACK table by copying\nout the contents of the SACK table into a buffer before attempting to parse\n\nAF_RXRPC assumes that it can just call skb_condense() and then validly\naccess the SACK table from skb->data and that it will be a flat buffer -\nbut skb_condense() can silently fail to do anything under some\ncircumstances.\n\nNote that whilst rxrpc_input_soft_acks() should be able to parse extended\nACKs, the rest of AF_RXRPC doesn't currently support that.\n\nFurther, there's then no need to call skb_condense() in rxrpc_input_ack(),\nso don't."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/rxrpc/input.c"],"versions":[{"version":"d57a3a151660902091491ac2633134e1be92557f","lessThan":"5d1ae4e17a3ecd8561cdb4f4f70152f41039c4e1","status":"affected","versionType":"git"},{"version":"d57a3a151660902091491ac2633134e1be92557f","lessThan":"775c5e89272a2615b72bb84f611ba66fa3b7493e","status":"affected","versionType":"git"},{"version":"d57a3a151660902091491ac2633134e1be92557f","lessThan":"566c4c1244de50fbff1f89ff93c9d7b0fc256db4","status":"affected","versionType":"git"},{"version":"d57a3a151660902091491ac2633134e1be92557f","lessThan":"224298450be5c04d2a6ea1c2a94669d7ebf65d00","status":"affected","versionType":"git"},{"version":"d57a3a151660902091491ac2633134e1be92557f","lessThan":"333b6d5bb9f87827ac2639c737bf9613dbae7253","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/rxrpc/input.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"6.6.144","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.95","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.144"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.12.95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.18.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"7.0.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5d1ae4e17a3ecd8561cdb4f4f70152f41039c4e1"},{"url":"https://git.kernel.org/stable/c/775c5e89272a2615b72bb84f611ba66fa3b7493e"},{"url":"https://git.kernel.org/stable/c/566c4c1244de50fbff1f89ff93c9d7b0fc256db4"},{"url":"https://git.kernel.org/stable/c/224298450be5c04d2a6ea1c2a94669d7ebf65d00"},{"url":"https://git.kernel.org/stable/c/333b6d5bb9f87827ac2639c737bf9613dbae7253"}],"title":"rxrpc: Fix the ACK parser to extract the SACK table for parsing","x_generator":{"engine":"bippy-1.2.0"}}}}