
Linux Kernel rxrpc Packet Re-decryption Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-45988

A vulnerability exists in the Linux kernel's rxrpc protocol that could allow response packets to be re-decrypted incorrectly, potentially leading to data exposure or integrity issues. While not typically internet-facing, the protocol's network nature means that if reachable, this flaw could impact system confidentialit

Halo Surface Signal: 3

Linux Kernel

  • 2.6.22 to before 6.6.140
  • 6.7 to before 6.12.86
  • 6.13 to before 6.18.27
  • 6.19 to before 7.0.4

External exposure likelihood


The vulnerability affects the Linux kernel rxrpc protocol. While rxrpc is a network protocol, it is primarily used for internal distributed file system traffic (AFS) rather than as a public-facing service. Reachability depends on system configuration and firewall policies, making internet exposure possible but not a standard deployment pattern.

PCI scan relevance


Yes

CVE-2026-45988 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows for the re-decryption of response packets and can lead to a partially decrypted state when processing temporary failures. This could impact the integrity and confidentiality of data, potentially causing a PCI ASV scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability in the Linux kernel's rxrpc protocol could allow for the decryption of response packets, potentially leading to data compromise. While the protocol is not typically exposed externally, its nature means that if exploited, it could impact the confidentiality, integrity, and availability of affected systems. Confirming relevance and exposure is the primary leadership concern.

  • Data can be decrypted if processing fails.
  • Critical systems potentially affected by network attacks.
  • Assess if this protocol is in use.

Attack Path

How an attacker could exploit the issue

An attacker could reach the Linux kernel's rxrpc protocol over the network and trigger a vulnerability by sending specially crafted packets. If a response packet encounters a temporary processing failure, it might be re-queued in a partially decrypted state. This flawed re-processing could lead to the packet being handled in a way that exposes sensitive information, allows for data modification, or causes denial of service.

  • Network access required.
  • Packet processing failure triggers vulnerability.
  • Risks include data exposure, modification, and denial of service.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to disrupt the processing of network packets, potentially leading to a denial of service or the corruption of partially decrypted data. This could occur when the system attempts to re-process packets that encountered temporary failures during an initial processing attempt.

  • Network packet processing disruption.
  • Partially decrypted packets re-queued.
  • Service availability and data integrity.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in the Linux kernel's rxrpc protocol, which can lead to partial decryption and requeuing of packets, likely falls under the responsibility of platform or infrastructure teams managing Linux systems. The first practical step is to identify all Linux systems running affected kernel versions, confirm their exposure to external networks, and then determine the business criticality of each system to prioritize remediation efforts.

  • Platform or infrastructure teams own the issue.
  • Verify system exposure and business criticality first.
  • Plan coordinated maintenance for remediation.
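
A first-pass triage script for the inventory step above, added here as an example and not taken from the advisory or the kernel project. It compares a kernel release string against the affected upstream ranges listed on this page and reports whether an `rxrpc` module is loaded; distribution kernels often backport fixes without changing the upstream version, so treat a match as a prompt to check the vendor advisory, not as proof.

```shell
#!/bin/sh
# Added example: version triage for CVE-2026-45988 using the ranges on this page.

# Convert "6.8.0-45-generic" -> 6008000 (major*1e6 + minor*1e3 + patch).
# Runs in a subshell so the IFS change does not leak to the caller.
ver_to_int() (
  v=${1%%[!0-9.]*}            # drop distro suffix such as -45-generic
  IFS=.
  set -- $v
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
)

# Return 0 if the upstream version falls inside an affected range.
# Each line is "first-affected first-fixed" (lower inclusive, upper exclusive).
is_affected() {
  rx_k=$(ver_to_int "$1")
  while read -r rx_lo rx_hi; do
    if [ "$rx_k" -ge "$(ver_to_int "$rx_lo")" ] &&
       [ "$rx_k" -lt "$(ver_to_int "$rx_hi")" ]; then
      return 0
    fi
  done <<'EOF'
2.6.22 6.6.140
6.7 6.12.86
6.13 6.18.27
6.19 7.0.4
EOF
  return 1
}

# Print a short report for the running host.
report() {
  rx_rel=$(uname -r)
  if is_affected "$rx_rel"; then
    echo "kernel $rx_rel: inside an affected upstream range, check vendor backports"
  else
    echo "kernel $rx_rel: outside the affected upstream ranges"
  fi
  # Loaded modules appear under /sys/module; a built-in rxrpc may not show here.
  if [ -d /sys/module/rxrpc ]; then
    echo "rxrpc: module present on this host"
  else
    echo "rxrpc: module not loaded"
  fi
  return 0
}

report
```
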


Frequently asked questions

What is the Linux kernel rxrpc protocol?

The Linux kernel includes the rxrpc protocol to facilitate network communication, most commonly for the Andrew File System (AFS). AFS is a distributed file system that allows users to access and modify files stored on remote servers as if they were local. By handling these complex data exchanges directly within the kernel, the software maintains performance and connectivity across distributed computing environments.

How does CVE-2026-45988 affect data security?

This vulnerability involves improper handling of encrypted network packets. When the system encounters a temporary failure while processing a packet, it may attempt to retry the operation. When this logic flaw is hit, the system could re-process or retain the packet in a partially decrypted state. This weakness risks the confidentiality and integrity of network traffic, as it may inadvertently expose sensitive data or allow for unauthorized modification during the re-decryption process.

What triggers this vulnerability in the kernel?

An attacker must be able to send specifically crafted packets over the network to a system using the rxrpc protocol. The flaw is triggered when the kernel experiences a temporary processing failure while handling these packets. Importantly, simply sending standard traffic does not trigger the bug; it requires the specific condition of a failed processing attempt that causes the kernel to incorrectly re-queue the partially decrypted packet for a retry.

Is my system at risk of this network attack?

According to Halo Surface Signal, while this vulnerability is reachable over a network, the rxrpc protocol is typically used for internal distributed file system traffic rather than being exposed as a public-facing service. The risk depends heavily on your local network configuration and firewall policies. While internet exposure is technically possible, it is not a standard or common deployment pattern for this specific protocol.

Do I need to update my Linux systems immediately?

Your first step should be to identify which Linux systems in your environment are running the affected kernel versions. Once you have an inventory, coordinate with your infrastructure team to verify if these systems have the rxrpc protocol enabled and assess their network exposure. Prioritize patching based on the business criticality of the system, as the fix involves applying kernel updates provided by your distribution vendor.
