PatchSiren

CVE-2026-46102 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's stream parser (strparser) subsystem. When the stream parser is aborted—such as after a message assembly timeout—it may retain a reference to a partially assembled message in `strp->skb_head`. This socket buffer (skb) is not released in `strp_abort_strp()`, causing the partially assembled message to leak. Repeated triggering of this condition can exhaust system memory. The fix frees `strp->skb_head` and resets the parser state in the abort path while leaving `strp_stop()` unchanged so that final cleanup still occurs in `strp_done()` after work and timer synchronization.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators, kernel maintainers, and security teams operating systems with high network throughput or long-running connections that utilize the kernel's stream parser functionality.

Technical summary

The Linux kernel's stream parser (strparser) subsystem contains a memory leak in the abort path. When `strp_abort_strp()` is called—such as during message assembly timeout—the function fails to release `strp->skb_head`, which holds a reference to a partially assembled message. This socket buffer leak can be triggered repeatedly to exhaust kernel memory. The resolution adds proper cleanup of `strp->skb_head` and parser state reset in the abort path while preserving the existing cleanup flow through `strp_done()`.

Defensive priority

high

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available from your Linux distribution
  • Monitor for kernel memory exhaustion indicators if running affected systems before patching
  • Review systems using stream parser functionality for unusual memory consumption patterns
  • Prioritize patching on systems with high network throughput or long-running connections that may trigger message assembly timeouts
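
One way to act on the monitoring items above, as an added example that is not part of the advisory or the kernel fix: a trend check over successive `/proc/slabinfo` snapshots. It assumes leaked skbs appear as growth in the `skbuff_head_cache` and `skbuff_fclone_cache` slab caches; the function names, the 1 MiB threshold and the sample snapshots are constructed for illustration.

```python
"""Added example: trend check over /proc/slabinfo snapshots (not kernel or advisory code)."""

# Assumption: leaked sk_buff structures show up in these slab caches.
SKB_CACHES = ("skbuff_head_cache", "skbuff_fclone_cache")

def parse_slabinfo(text):
    """Return {cache_name: (active_objs, objsize_bytes)} from slabinfo 2.x text."""
    caches = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows: name active_objs num_objs objsize objperslab pagesperslab : ...
        if len(fields) < 4 or line.startswith("#"):
            continue
        if not (fields[1].isdigit() and fields[3].isdigit()):
            continue  # version banner or malformed row
        caches[fields[0]] = (int(fields[1]), int(fields[3]))
    return caches

def skb_growth(snapshots, min_growth_bytes=1 << 20):
    """Flag skb caches whose in-use bytes never shrink between snapshots
    and grow by at least min_growth_bytes from first to last."""
    parsed = [parse_slabinfo(s) for s in snapshots]
    findings = {}
    for name in SKB_CACHES:
        series = [p[name][0] * p[name][1] for p in parsed if name in p]
        if len(series) < 3:
            continue  # too few samples to call it a trend
        steady = all(later >= earlier for earlier, later in zip(series, series[1:]))
        if steady and series[-1] - series[0] >= min_growth_bytes:
            findings[name] = series[-1] - series[0]
    return findings

# Constructed snapshots (not captured from a real host), oldest first.
_HEADER = ("slabinfo - version: 2.1\n"
           "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>\n")

def _snapshot(head_objs, fclone_objs):
    tail = " : tunables 0 0 0 : slabdata 1 1 0\n"
    return (_HEADER
            + f"skbuff_head_cache {head_objs} {head_objs} 256 32 2" + tail
            + f"skbuff_fclone_cache {fclone_objs} {fclone_objs} 512 32 4" + tail)

SAMPLES = [_snapshot(4096, 512), _snapshot(9000, 500), _snapshot(20000, 520)]

if __name__ == "__main__":
    for cache, grown in skb_growth(SAMPLES).items():
        print(f"{cache}: in-use bytes grew by {grown} with no shrink across samples")
```

On a live host, pass the contents of `/proc/slabinfo` (readable by root) sampled some minutes apart; growth that never recedes on an otherwise steady workload is a prompt for closer investigation, not proof of this leak.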

Evidence notes

The vulnerability description indicates this is a memory leak in the Linux kernel's strparser subsystem where `strp->skb_head` is not freed during abort conditions. The fix involves freeing the skb and resetting parser state in the abort path. Multiple stable kernel commits are referenced, suggesting backports to various kernel versions.

Official resources

2026-05-27