ACK: [SRU][N][PATCH 0/1] CVE-2026-53151
Alessio Faina
alessio.faina at canonical.com
Wed Jul 15 14:26:57 UTC 2026
On Wed, Jul 15, 2026 at 11:47:11AM +0300, Cengiz Can via kernel-team wrote:
> https://ubuntu.com/security/CVE-2026-53151
>
> [ Impact ]
>
> AF_RXRPC incorrectly assumed that after calling skb_condense() it could
> directly access a flat SACK table from skb->data, but skb_condense() can
> silently do nothing under certain circumstances. This caused
> rxrpc_input_soft_acks() to modify the received skbuff and potentially perform
> an incorrect access of the buffer in a fragmented UDP packet, which could be
> deliberately pre-generated as fragmented. With a CVSS score of 9.8, this is a
> critical vulnerability that could be triggered remotely.
>
> [ Fix ]
>
> noble: backported with AI-assisted adaptation
>
> [ Test Plan ]
>
> Boot tested.
>
> [ Where Problems Could Occur ]
>
> A regression in this change could affect the rxrpc/AF_RXRPC subsystem, causing
> incorrect parsing of ACK packets or SACK tables and potentially disrupting AFS
> and other RxRPC-based network connections.
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Alessio Faina <alessio.faina at canonical.com>
More information about the kernel-team
mailing list