CVE-2026-46043

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at least header_size(pkt) bytes long before payload_size() is used. However, payload_size() subtracts both the attacker-controlled BTH pad field and RXE_ICRC_SIZE from pkt->paylen: payload_size = pkt->paylen - offset[RXE_PAYLOAD] - bth_pad(pkt) - RXE_ICRC_SIZE This means a short packet can still make payload_size() underflow even if it includes enough bytes for the fixed headers. Simply requiring header_size(pkt) + RXE_ICRC_SIZE is not sufficient either, because a packet with a forged non-zero BTH pad can still leave payload_size() negative and pass an underflowed value to later receive-path users. Fix this by validating pkt->paylen against the full minimum length required by payload_size(): header_size(pkt) + bth_pad(pkt) + RXE_ICRC_SIZE.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

16 Jun 2026, 15:13

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/2c0d71ef12f46c57d37bc571f3f2797db7eb50cc - () https://git.kernel.org/stable/c/2c0d71ef12f46c57d37bc571f3f2797db7eb50cc - Patch
References () https://git.kernel.org/stable/c/2fd4f8b749309a61c3f3f88ee8891d94f79e1240 - () https://git.kernel.org/stable/c/2fd4f8b749309a61c3f3f88ee8891d94f79e1240 - Patch
References () https://git.kernel.org/stable/c/5fedefec757192dcaad29a664ac332c7601be144 - () https://git.kernel.org/stable/c/5fedefec757192dcaad29a664ac332c7601be144 - Patch
References () https://git.kernel.org/stable/c/7244491dab347f648e661da96dc0febadd9daec3 - () https://git.kernel.org/stable/c/7244491dab347f648e661da96dc0febadd9daec3 - Patch
References () https://git.kernel.org/stable/c/9b924f3a26b21330a837cfe72e819b6393bbeeaa - () https://git.kernel.org/stable/c/9b924f3a26b21330a837cfe72e819b6393bbeeaa - Patch
References () https://git.kernel.org/stable/c/c4376c672c3648d5bdc31dfffc329d07164f93c4 - () https://git.kernel.org/stable/c/c4376c672c3648d5bdc31dfffc329d07164f93c4 - Patch
References () https://git.kernel.org/stable/c/e8ee0e792d475b1067c199ef0af1b6221fa6f43d - () https://git.kernel.org/stable/c/e8ee0e792d475b1067c199ef0af1b6221fa6f43d - Patch
References () https://git.kernel.org/stable/c/f83519a4c122c9c7a850a2197648a9ff4c67c520 - () https://git.kernel.org/stable/c/f83519a4c122c9c7a850a2197648a9ff4c67c520 - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CWE NVD-CWE-noinfo

01 Jun 2026, 17:17

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/2c0d71ef12f46c57d37bc571f3f2797db7eb50cc -
  • () https://git.kernel.org/stable/c/5fedefec757192dcaad29a664ac332c7601be144 -
  • () https://git.kernel.org/stable/c/c4376c672c3648d5bdc31dfffc329d07164f93c4 -

30 May 2026, 11:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1

27 May 2026, 14:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-05-27 14:17

Updated : 2026-06-17 10:52


NVD link : CVE-2026-46043

Mitre link : CVE-2026-46043

CVE.ORG link : CVE-2026-46043


JSON object : View

Products Affected

linux

  • linux_kernel