Out-of-bounds read in Linux kernel - CVE-2026-45843
Published: May 28, 2026
Vulnerability identifier: #VU132659
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-45843
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in slhc_uncompress() when parsing a short VJ-compressed TCP header with optional fields requested in the change byte. A remote attacker can send a specially crafted compressed packet to disclose sensitive information.
The over-read bytes are incorporated into cached connection state and may be reflected into subsequent reconstructed packets.
How to mitigate CVE-2026-45843
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/0511ecb00e61bf28e2fec4bb41fcce385c3a3b2d
- https://git.kernel.org/stable/c/37537e42e6df387398bee85cb85070cc80bb1e10
- https://git.kernel.org/stable/c/4c1367a2d7aad643a6f87c6931b13cc1a25e8ca7
- https://git.kernel.org/stable/c/4cefe32639933d652614b0bd50f818f9af4af78f
- https://git.kernel.org/stable/c/d42bec6e4f6d6d658be365539400b3314b76b2a7