ACK: [SRU][N][PATCH 0/1] CVE-2026-53151

Alessio Faina alessio.faina at canonical.com
Wed Jul 15 14:26:57 UTC 2026


On Wed, Jul 15, 2026 at 11:47:11AM +0300, Cengiz Can via kernel-team wrote:
> https://ubuntu.com/security/CVE-2026-53151
> 
> [ Impact ]
> 
> AF_RXRPC incorrectly assumed that after calling skb_condense() it could
> directly access a flat SACK table from skb->data, but skb_condense() can
> silently do nothing under certain circumstances. This caused
> rxrpc_input_soft_acks() to modify the received skbuff and potentially perform
> an incorrect access of the buffer in a fragmented UDP packet, which could be
> deliberately pre-generated as fragmented. With a CVSS score of 9.8, this is a
> critical vulnerability that could be triggered remotely.
> 
> [ Fix ]
> 
> noble: backported with AI-assisted adaptation
> 
> [ Test Plan ]
> 
> Boot tested.
> 
> [ Where Problems Could Occur ]
> 
> A regression in this change could affect the rxrpc/AF_RXRPC subsystem, causing
> incorrect parsing of ACK packets or SACK tables and potentially disrupting AFS
> and other RxRPC-based network connections.
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Acked-by: Alessio Faina <alessio.faina at canonical.com>



More information about the kernel-team mailing list