CVE-2026-46102

In the Linux kernel, the following vulnerability has been resolved:

net: strparser: fix skb_head leak in strp_abort_strp()

When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp->skb_head. That skb is not released in strp_abort_strp(), which leaks the partially assembled message and can be triggered repeatedly to exhaust memory.

Fix this by freeing strp->skb_head and resetting the parser state in the abort path. Leave strp_stop() unchanged so final cleanup still happens in strp_done() after the work and timer have been synchronized.

Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

25 Jun 2026, 21:18

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/19ca9475f18f991735f98a22e735c43e95e6298d - () https://git.kernel.org/stable/c/19ca9475f18f991735f98a22e735c43e95e6298d - Patch
References () https://git.kernel.org/stable/c/5327dad2ffe9c1b49881dd6d51ff3c6893847568 - () https://git.kernel.org/stable/c/5327dad2ffe9c1b49881dd6d51ff3c6893847568 - Patch
References () https://git.kernel.org/stable/c/56082f442023db9be1a5a29d4ee361de4017c0b7 - () https://git.kernel.org/stable/c/56082f442023db9be1a5a29d4ee361de4017c0b7 - Patch
References () https://git.kernel.org/stable/c/a470ed71c906cc8cbad0d74c9942216698911f8b - () https://git.kernel.org/stable/c/a470ed71c906cc8cbad0d74c9942216698911f8b - Patch
References () https://git.kernel.org/stable/c/c2e57695ec9ff9d42f23de70f3805199153d007b - () https://git.kernel.org/stable/c/c2e57695ec9ff9d42f23de70f3805199153d007b - Patch
References () https://git.kernel.org/stable/c/d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3 - () https://git.kernel.org/stable/c/d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3 - Patch
References () https://git.kernel.org/stable/c/e9ae00490d474757c0f9c65073de83e6bb1e5a00 - () https://git.kernel.org/stable/c/e9ae00490d474757c0f9c65073de83e6bb1e5a00 - Patch
References () https://git.kernel.org/stable/c/fe72340daaf1af588be88056faf98965f39e6032 - () https://git.kernel.org/stable/c/fe72340daaf1af588be88056faf98965f39e6032 - Patch
CWE CWE-401
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux

01 Jun 2026, 17:17

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/a470ed71c906cc8cbad0d74c9942216698911f8b -
  • () https://git.kernel.org/stable/c/c2e57695ec9ff9d42f23de70f3805199153d007b -
  • () https://git.kernel.org/stable/c/d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3 -

30 May 2026, 11:17

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 7.5

27 May 2026, 14:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-05-27 14:17

Updated : 2026-06-25 21:18


NVD link : CVE-2026-46102

Mitre link : CVE-2026-46102

CVE.ORG link : CVE-2026-46102



Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime