Severity: HIGH · CVE-2026-46085 · CNA: Linux

CVE-2026-46085: rxrpc: Fix rxkad crypto unalignment handling

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix rxkad crypto unalignment handling

Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARN_ON_ONCE() so that it can't be remotely triggered (a trace line can still be emitted).

HarborGuard Analysis

Synopsis

A denial-of-service vulnerability exists in the Linux kernel's rxrpc subsystem, specifically in the rxkad crypto unalignment handling code. The flaw is reachable over the network without any authentication, allowing a remote attacker to send a specially crafted packet with a misaligned crypto length. Successful exploitation crashes or disrupts the affected service, with no data disclosure or tampering. Patched-image rebuilds at the fix versions (6.6.140, 6.12.86, 6.18.27, and upstream commit 440d20d) are available on HarborGuard for environments running an affected kernel version.

HarborGuard Coverage

Detection: Available

Detection capability for CVE-2026-46085 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle an affected Linux kernel version.

Triage: Available

HarborGuard scores this CVE at CVSS 7.5 (HIGH) and is capable of weighting that score against each environment's compliance policy to surface it with the appropriate urgency; routing to the correct team or ticket queue is available within each customer organization based on configured notification rules.

Patch: Available

A patched-image rebuild at the fixed kernel versions (6.6.140, 6.12.86, or 6.18.27) becomes available on HarborGuard the moment the upstream fix is confirmed; for customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The vulnerable code is reachable over the network; an attacker must be able to send rxrpc packets to the exposed service to trigger the bug.

  • Authentication: Not required

    No credentials or account are needed; the malformed packet can be sent by any unauthenticated network peer.

  • Victim interaction: Not required

    No user or administrator action is required; the vulnerable path is exercised passively when the kernel processes an incoming packet.

  • Attack complexity: Low (CVSS AC:L)

    Exploit reliability is high; no race conditions or special environmental conditions are needed beyond delivering a packet with a misaligned crypto length field.

Blast Radius

  • Successful exploitation disrupts the rxrpc service on the target host, causing it to crash or become unresponsive to legitimate callers.
  • No confidential data is read as a result of exploitation (CVSS Confidentiality: None).
  • No data is modified or tampered with as a result of exploitation (CVSS Integrity: None).
  • Services or workloads that depend on rxrpc connectivity (such as AFS clients) lose availability for the duration of the disruption.

How HarborGuard Handles This

Available on HarborGuard: images running a Linux kernel version prior to 6.6.140, 6.12.86, or 6.18.27 are flagged automatically as part of every scan cycle. For customers who opt into auto-remediation, HarborGuard can rebuild affected images at a patched kernel version, execute regression tests, and open a pull request against impacted workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual review before merging, the rebuilt image and test results are staged and routed to the designated approver. In the interim, network-policy controls that restrict which peers can send rxrpc traffic to exposed hosts serve as a compensating control worth considering until the patch is applied.

Metrics

  • CVSS v3.1: 7.5
  • Severity: HIGH
  • Fixed in: 0
  • Affected Products: 2

Fix available

Affected packages
  • Linux / Linux
    < f1c6bd0cc786a8fa74829ce3c4b3673944a308f4 (from 9853917f9edf08efb0b55c26d9eb8340f126d9e9) · < 440d20d95e844b657a93a0b2dcc2aae155efdce6 (from e9c369d58785044427450350ad32d6a2497fb379) · < f0d3efd03b2a9e0f1ffa6df8fcb264af3d494286 (from bf4d6e4a6856eedeb7f66eb91224115bfff4e2cb) · < af9271eb666d07b6f65612dc160a47f7cb5220ed (from f93af41b9f5f798823d0d0fb8765c2a936d76270) · < def304aae2edf321d2671fd6ca766a93c21f877e (from f93af41b9f5f798823d0d0fb8765c2a936d76270) · 5cdf57eda01a1ffaeb61ac39ec4dcc94a690431e
  • Linux / Linux
    7.0
    Fixed in 0, 6.6.140, 6.12.86, 6.18.27, 7.0.4, 7.1-rc1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H