In the Linux kernel, the following vulnerability has been resolved:
net: strparser: fix skb_head leak in strp_abort_strp()
When the stream parser is aborted, for example after a message assembly timeout,
it can still hold a reference to a partially assembled message in
strp->skb_head.
That skb is not released in strp_abort_strp(), which leaks the partially
assembled message and can be triggered repeatedly to exhaust memory.
Fix this by freeing strp->skb_head and resetting the parser state in the
abort path. Leave strp_stop() unchanged so final cleanup still happens in
strp_done() after the work and timer have been synchronized.
References
Configurations
Configuration 1 (hide)
|
History
25 Jun 2026, 21:18
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://git.kernel.org/stable/c/19ca9475f18f991735f98a22e735c43e95e6298d - Patch | |
| References | () https://git.kernel.org/stable/c/5327dad2ffe9c1b49881dd6d51ff3c6893847568 - Patch | |
| References | () https://git.kernel.org/stable/c/56082f442023db9be1a5a29d4ee361de4017c0b7 - Patch | |
| References | () https://git.kernel.org/stable/c/a470ed71c906cc8cbad0d74c9942216698911f8b - Patch | |
| References | () https://git.kernel.org/stable/c/c2e57695ec9ff9d42f23de70f3805199153d007b - Patch | |
| References | () https://git.kernel.org/stable/c/d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3 - Patch | |
| References | () https://git.kernel.org/stable/c/e9ae00490d474757c0f9c65073de83e6bb1e5a00 - Patch | |
| References | () https://git.kernel.org/stable/c/fe72340daaf1af588be88056faf98965f39e6032 - Patch | |
| CWE | CWE-401 | |
| CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| First Time |
Linux linux Kernel
Linux |
01 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
30 May 2026, 11:17
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
27 May 2026, 14:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-27 14:17
Updated : 2026-06-25 21:18
NVD link : CVE-2026-46102
Mitre link : CVE-2026-46102
CVE.ORG link : CVE-2026-46102
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-401
Missing Release of Memory after Effective Lifetime
