In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
rxe_rcv() currently checks only that the incoming packet is at least
header_size(pkt) bytes long before payload_size() is used.
However, payload_size() subtracts both the attacker-controlled BTH pad
field and RXE_ICRC_SIZE from pkt->paylen:
payload_size = pkt->paylen - offset[RXE_PAYLOAD] - bth_pad(pkt)
- RXE_ICRC_SIZE
This means a short packet can still make payload_size() underflow even
if it includes enough bytes for the fixed headers. Simply requiring
header_size(pkt) + RXE_ICRC_SIZE is not sufficient either, because a
packet with a forged non-zero BTH pad can still leave payload_size()
negative and pass an underflowed value to later receive-path users.
Fix this by validating pkt->paylen against the full minimum length
required by payload_size(): header_size(pkt) + bth_pad(pkt) +
RXE_ICRC_SIZE.
References
Configurations
Configuration 1 (hide)
|
History
16 Jun 2026, 15:13
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://git.kernel.org/stable/c/2c0d71ef12f46c57d37bc571f3f2797db7eb50cc - Patch | |
| References | () https://git.kernel.org/stable/c/2fd4f8b749309a61c3f3f88ee8891d94f79e1240 - Patch | |
| References | () https://git.kernel.org/stable/c/5fedefec757192dcaad29a664ac332c7601be144 - Patch | |
| References | () https://git.kernel.org/stable/c/7244491dab347f648e661da96dc0febadd9daec3 - Patch | |
| References | () https://git.kernel.org/stable/c/9b924f3a26b21330a837cfe72e819b6393bbeeaa - Patch | |
| References | () https://git.kernel.org/stable/c/c4376c672c3648d5bdc31dfffc329d07164f93c4 - Patch | |
| References | () https://git.kernel.org/stable/c/e8ee0e792d475b1067c199ef0af1b6221fa6f43d - Patch | |
| References | () https://git.kernel.org/stable/c/f83519a4c122c9c7a850a2197648a9ff4c67c520 - Patch | |
| CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| First Time |
Linux linux Kernel
Linux |
|
| CWE | NVD-CWE-noinfo |
01 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
30 May 2026, 11:17
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
27 May 2026, 14:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-27 14:17
Updated : 2026-06-17 10:52
NVD link : CVE-2026-46043
Mitre link : CVE-2026-46043
CVE.ORG link : CVE-2026-46043
JSON object : View
Products Affected
linux
- linux_kernel
CWE
