PatchSiren

CVE-2026-45988 Linux CVE debrief

A logic error in the Linux kernel's RxRPC (Remote Procedure Call over RX) subsystem could allow partially decrypted RESPONSE packets to be requeued for retry, potentially leading to cryptographic state corruption. The vulnerability occurs when temporary processing failures leave packets in an inconsistent decryption state. The fix discards affected packets rather than requeuing them, relying on protocol retransmission (CHALLENGE/RESPONSE exchange) to recover. No CVSS score has been assigned; the issue is currently Awaiting Analysis per NVD.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators running kernels with RxRPC support enabled; security teams tracking kernel networking subsystem vulnerabilities; organizations using AFS (Andrew File System) or other RxRPC-dependent services

Technical summary

The RxRPC subsystem in the Linux kernel mishandles RESPONSE packets that encounter temporary processing failures. When decryption is interrupted, packets may be left in a partially decrypted state and subsequently requeued for retry, creating potential for cryptographic state inconsistency. The resolution discards such packets entirely, allowing the CHALLENGE/RESPONSE protocol mechanism to generate fresh packets rather than attempting to recover corrupted state. A parallel fix applies to CHALLENGE packet handling when RESPONSE generation fails.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from stable branches when available
  • Monitor NVD for CVSS scoring and CISA KEV listing
  • Review systems using RxRPC for kernel version exposure
  • Validate kernel patch application through standard distribution channels
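
One way to carry out the "review systems using RxRPC" step, as an added example that is not PatchSiren's or the kernel project's code: it classifies a host by whether the rxrpc module is loaded, built in, or merely available. It assumes the kconfig symbol CONFIG_AF_RXRPC, the module name rxrpc, and a build config at /boot/config-$(uname -r); the function names are hypothetical, and it does not test patch status because no fixed version is given above.

```shell
#!/bin/sh
# Added example: classify a host's RxRPC exposure from the kernel build
# config and the loaded-module list. Function names are hypothetical.

# rxrpc_exposure CONFIG_FILE MODULES_FILE
# Prints: loaded | builtin | available | absent | unknown
rxrpc_exposure() {
    config=$1
    modules=$2
    # /proc/modules format: one module per line, name in field 1.
    if [ -r "$modules" ] &&
       awk '$1 == "rxrpc" { found = 1 } END { exit !found }' "$modules"; then
        echo loaded
        return 0
    fi
    # Without a readable build config we cannot tell built-in from absent.
    if [ ! -r "$config" ]; then
        echo unknown
        return 0
    fi
    # "=y" is compiled in, "=m" can be loaded on demand,
    # "# CONFIG_AF_RXRPC is not set" or no line at all means not built.
    case $(sed -n 's/^CONFIG_AF_RXRPC=\([ym]\)$/\1/p' "$config") in
        y) echo builtin ;;
        m) echo available ;;
        *) echo absent ;;
    esac
}

# rxrpc_users MODULES_FILE
# Prints the modules holding a reference on rxrpc (field 4), e.g. "kafs".
rxrpc_users() {
    awk '$1 == "rxrpc" { sub(/,$/, "", $4); print $4 }' "$1"
}

# Live host: config path is the common distribution convention (assumption).
echo "rxrpc: $(rxrpc_exposure "/boot/config-$(uname -r)" /proc/modules)"
```

Hosts reporting loaded or builtin are the ones to prioritise for the kernel update; available means the code is present on disk and runs only once the module is loaded.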

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Patch commits identified in kernel.org stable tree. Vendor attribution marked low-confidence based on reference domain candidate 'Kernel'; requires review.
