PatchSiren

CVE-2026-46010 Linux CVE debrief

A missing error-handling path in the Linux kernel's RxRPC (Remote Procedure Call over RX) subsystem could allow memory-allocation failures to go unhandled, potentially leading to undefined behavior or service disruption. The flaw resides in rxgk_extract_token(), which failed to propagate -ENOMEM errors from rxgk_decrypt_skb() correctly. When memory allocation fails during token decryption, the function should return the error immediately rather than continuing execution. The vulnerability affects RxRPC's GSS-API Kerberos security mechanism (rxgk). Kernel patches are available to correct the error-handling logic.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

  • Linux system administrators running kernels with RxRPC enabled, particularly those using Kerberos-authenticated remote procedure calls
  • Kernel maintainers and distribution security teams responsible for stable kernel updates
  • Organizations running network file systems or other services built atop RxRPC

Technical summary

The vulnerability exists in the rxgk_extract_token() function within the Linux kernel's RxRPC implementation. When rxgk_decrypt_skb() returns -ENOMEM (memory allocation failure), the function should immediately return this error code. Instead, the original code continued execution, potentially leading to operations on invalid or uninitialized data. The fix adds proper error propagation for the -ENOMEM case, ensuring that memory allocation failures are handled correctly and immediately returned to the caller. This affects systems using RxRPC with Kerberos security (rxgk) under memory pressure conditions.
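
The error-handling pattern described above, as a userspace C model added here for illustration; it is not the kernel's rxgk code or the upstream patch. The names model_token, model_decrypt, extract_missing_path and extract_propagating are hypothetical, and the shape of the unpatched branch (other errors returned, -ENOMEM with no branch of its own) is an assumption made to show how execution can continue past a failed decrypt.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel code. */
struct model_token {
	uint8_t buf[4];  /* constructed sample bytes */
	int decrypted;   /* set only when decryption really completed */
};

/* Stand-in for the decrypt step; fail_alloc simulates memory pressure. */
static int model_decrypt(struct model_token *t, int fail_alloc)
{
	if (fail_alloc)
		return -ENOMEM;     /* buffer is left untouched */
	for (size_t i = 0; i < sizeof(t->buf); i++)
		t->buf[i] ^= 0x5a;  /* toy transform, not real crypto */
	t->decrypted = 1;
	return 0;
}

/* Assumed unpatched shape: other errors return, -ENOMEM has no branch. */
static int extract_missing_path(struct model_token *t, int fail_alloc, int *used_raw)
{
	int ret = model_decrypt(t, fail_alloc);
	if (ret < 0 && ret != -ENOMEM)
		return ret;
	*used_raw = !t->decrypted;  /* token parsing would run here */
	return 0;
}

/* Corrected shape: any negative return, -ENOMEM included, goes to the caller. */
static int extract_propagating(struct model_token *t, int fail_alloc, int *used_raw)
{
	int ret = model_decrypt(t, fail_alloc);
	if (ret < 0)
		return ret;
	*used_raw = !t->decrypted;
	return 0;
}

int main(void)
{
	struct model_token a = { {1, 2, 3, 4}, 0 }, b = a;
	int ua = 0, ub = 0;
	int ra = extract_missing_path(&a, 1, &ua), rb = extract_propagating(&b, 1, &ub);
	printf("missing path: ret=%d used_raw=%d\npropagating: ret=%d used_raw=%d\n", ra, ua, rb, ub);
	return 0;
}
```

In the model, the first function reports success while the buffer was never decrypted; the second returns -ENOMEM before any later step touches the token.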

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant stable kernel patch from the Linux kernel stable tree to correct the error-handling deficiency in rxgk_extract_token()
  • Monitor kernel logs for RxRPC-related memory pressure indicators that might trigger the vulnerable code path
  • Review RxRPC service configurations to ensure appropriate resource limits and memory availability
  • Validate kernel version against patched releases once specific version mappings are available from vendor advisories

Evidence notes

The vulnerability description indicates a missing error-handling path for -ENOMEM return values in rxgk_extract_token(). The fix ensures proper propagation of memory-allocation failure errors. Three stable kernel commits are referenced as remediation sources.
