PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46085 Linux CVE debrief

A vulnerability in the Linux kernel's rxrpc subsystem has been resolved. The issue involved improper handling of packets whose crypto length is misaligned in the rxkad security class. The fix addresses three specific problems: (1) correct handling of packets where the crypto length is not properly aligned, (2) aborting on decryption errors other than ENOMEM rather than continuing with data that never decrypted correctly, and (3) removal of a WARN_ON_ONCE() that a remote peer could trigger (a trace event remains available for debugging). The vulnerability affects the kernel's RxRPC implementation used by the in-kernel AFS (Andrew File System) client and other RxRPC users. Multiple stable kernel branches received backported fixes.

Vendor
Linux
Product
Linux kernel, net/rxrpc (product field not populated in stored evidence)
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Organizations running Linux systems with AFS (Andrew File System) clients or servers, and any host where the rxrpc kernel module can be loaded (the kafs module pulls it in automatically); kernel developers maintaining RxRPC implementations; and security teams monitoring network filesystem infrastructure.

Technical summary

The vulnerability exists in the Linux kernel's RxRPC (Remote Procedure Call over RX) subsystem, specifically in the rxkad security class. rxkad provides Kerberos-based authentication and optional packet encryption for RxRPC connections, and is the security class used by AFS clients and servers. The CVE text does not state the concrete impact of the misaligned-length bug; what it does state is that (a) packets whose crypto length was not properly aligned were mishandled, (b) decryption errors other than ENOMEM did not abort the call, so processing could continue on data that never decrypted correctly, and (c) a WARN_ON_ONCE() on the receive path was reachable from the network. The third point matters more than it looks: a WARN_ON_ONCE() prints a single splat per boot, so it does not flood logs, but on hosts configured with kernel.panic_on_warn=1 (common in hardened and fuzzing configurations) the first hit is a kernel panic, which turns a peer-controlled packet into a remote denial of service. The fix adds the alignment handling, aborts the call on non-ENOMEM decryption failures (ENOMEM is treated as a transient local condition rather than a peer error), and replaces the WARN_ON_ONCE() with a trace event.
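The following C program is an added illustration, not code from the kernel or from the fix commits: it models the three decision points the CVE description lists (alignment check, ENOMEM versus other decryption errors, WARN versus trace) as a small pre-fix and post-fix decision function and runs a constructed packet stream through both. The 8-byte block size, the simulated decrypt return codes, the counter fields, and the shape of the pre-fix logic are assumptions made for the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Outcomes for one received data packet. */
enum rx_action {
    RX_CONTINUE = 0, /* plaintext is valid, hand it up to the caller */
    RX_RETRY    = 1, /* transient local failure (ENOMEM): drop packet, keep the call */
    RX_ABORT    = 2, /* protocol violation or crypto failure: abort the call */
};

/* Constructed packet record: only the fields this model needs. */
struct rx_packet {
    size_t crypto_len;  /* length of the encrypted region, chosen by the remote peer */
    int    decrypt_rc;  /* simulated result of the decrypt step: 0 or -errno */
};

/* Counters standing in for a WARN splat, a tracepoint hit, and bad data passed up. */
struct rx_stats {
    unsigned warn_hits;
    unsigned trace_hits;
    unsigned consumed_bad;
};

#define RXKAD_BLOCK 8 /* assumption: rxkad cipher block size used for the alignment check */

/* Model of the pre-fix logic as the CVE text describes it (assumed shape, not kernel code). */
enum rx_action rxkad_verify_before(const struct rx_packet *p, struct rx_stats *st)
{
    if (p->crypto_len % RXKAD_BLOCK) {
        /* A WARN_ON_ONCE() here is reachable by any peer that sends an odd length;
         * with kernel.panic_on_warn=1 the first hit panics the host. */
        st->warn_hits++;
    }
    if (p->decrypt_rc == -ENOMEM)
        return RX_RETRY;
    if (p->decrypt_rc != 0)
        st->consumed_bad++;  /* error not acted on: caller receives undecrypted bytes */
    return RX_CONTINUE;
}

/* Model of the fixed logic: reject misalignment, abort on non-ENOMEM errors, trace instead of WARN. */
enum rx_action rxkad_verify_after(const struct rx_packet *p, struct rx_stats *st)
{
    if (p->crypto_len % RXKAD_BLOCK) {
        st->trace_hits++;    /* trace event only: a peer cannot turn this into a panic */
        return RX_ABORT;
    }
    if (p->decrypt_rc == 0)
        return RX_CONTINUE;
    if (p->decrypt_rc == -ENOMEM)
        return RX_RETRY;     /* memory pressure is local, not a peer fault */
    st->trace_hits++;
    return RX_ABORT;         /* every other decrypt failure aborts rather than continues */
}

/* Runs a constructed packet stream through one handler; returns the number of aborts. */
unsigned run_stream(enum rx_action (*fn)(const struct rx_packet *, struct rx_stats *),
                    struct rx_stats *st)
{
    static const struct rx_packet stream[] = {
        { 64, 0 },        /* well-formed packet */
        { 67, 0 },        /* misaligned crypto length from the peer */
        { 64, -ENOMEM },  /* transient allocation failure during decrypt */
        { 64, -EPROTO },  /* decryption/integrity failure */
    };
    unsigned aborts = 0;
    for (size_t i = 0; i < sizeof stream / sizeof stream[0]; i++)
        if (fn(&stream[i], st) == RX_ABORT)
            aborts++;
    return aborts;
}

unsigned aborts_before(struct rx_stats *st) { return run_stream(rxkad_verify_before, st); }
unsigned aborts_after(struct rx_stats *st)  { return run_stream(rxkad_verify_after, st); }

int main(void)
{
    struct rx_stats b = {0}, a = {0};
    printf("before: aborts=%u warn=%u consumed_bad=%u\n",
           aborts_before(&b), b.warn_hits, b.consumed_bad);
    printf("after:  aborts=%u trace=%u consumed_bad=%u\n",
           aborts_after(&a), a.trace_hits, a.consumed_bad);
    return 0;
}
```

The pre-fix model lets the misaligned and the EPROTO packets both reach the caller and records one WARN hit; the fixed model aborts both, keeps the ENOMEM case as a retry, and records only trace hits. The point of separating ENOMEM from every other error is that aborting a call on local memory pressure would let load alone tear down connections, while continuing after a genuine crypto failure hands unauthenticated bytes to the filesystem layer.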

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from your Linux distribution when available, prioritizing systems running AFS or other RxRPC-dependent services
  • Monitor vendor security advisories for backported fixes to currently deployed kernel versions
  • Check kernel.panic_on_warn on exposed hosts; where it is set, the pre-fix WARN_ON_ONCE() turns a malformed packet from any peer into a kernel panic, so treat those hosts as highest priority for patching
  • Review kernel logs for rxrpc-related errors as indicators of exploitation attempts: before the fix a remotely triggered hit appears at most once per boot as a WARN splat from the rxkad path in dmesg; after the fix it is a trace event, so enable the rxrpc tracepoints (the rxrpc event group under tracefs) if you need visibility
  • Consider network segmentation for AFS and RxRPC services until patches are deployed; AFS traffic is UDP (fileserver on port 7000, client cache-manager callbacks on 7001), so restrict those ports to known AFS peers

Evidence notes

CVE published 2026-05-27. Description confirms kernel-level fix for rxrpc rxkad crypto handling. Five kernel.org stable branch commits provided as references. No CVSS score or severity assigned by NVD at time of disclosure (status: Awaiting Analysis).
