CVE-2026-46102 - Vulnerability Details

- net: strparser: fix skb_head leak in strp_abort_strp()

Description

In the Linux kernel, the following vulnerability has been resolved:

net: strparser: fix skb_head leak in strp_abort_strp()

When the stream parser is aborted, for example after a message assembly timeout,
it can still hold a reference to a partially assembled message in
strp->skb_head.

That skb is not released in strp_abort_strp(), which leaks the partially
assembled message and can be triggered repeatedly to exhaust memory.

Fix this by freeing strp->skb_head and resetting the parser state in the
abort path. Leave strp_stop() unchanged so final cleanup still happens in
strp_done() after the work and timer have been synchronized.

Published: 2026-05-27

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a`	affected	< d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3
`43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a`	affected	< a470ed71c906cc8cbad0d74c9942216698911f8b
`43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a`	affected	< c2e57695ec9ff9d42f23de70f3805199153d007b
`43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a`	affected	< e9ae00490d474757c0f9c65073de83e6bb1e5a00
`43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a`	affected	< 5327dad2ffe9c1b49881dd6d51ff3c6893847568
`43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a`	affected	< 19ca9475f18f991735f98a22e735c43e95e6298d
`43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a`	affected	< 56082f442023db9be1a5a29d4ee361de4017c0b7
`43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a`	affected	< fe72340daaf1af588be88056faf98965f39e6032

Linux

affected

Version	Status	Constraints
`4.9`	affected	—
`0`	unaffected	< 4.9
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a,e9ae00490d474757c0f9c65073de83e6bb1e5a00)`	affected	code_commit	—
`[43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a,5327dad2ffe9c1b49881dd6d51ff3c6893847568)`	affected	code_commit	—
`[43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a,19ca9475f18f991735f98a22e735c43e95e6298d)`	affected	code_commit	—
`[43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a,56082f442023db9be1a5a29d4ee361de4017c0b7)`	affected	code_commit	—
`[43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a,fe72340daaf1af588be88056faf98965f39e6032)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.9`	affected	calver	—
`[0,4.9)`	unaffected	calver	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.86,6.13.0)`	unaffected	semver	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00501.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/19ca9475f18f991735f98a22e735c43e95e6298d
https://git.kernel.org/stable/c/5327dad2ffe9c1b49881dd6d51ff3c6893847568
https://git.kernel.org/stable/c/56082f442023db9be1a5a29d4ee361de4017c0b7
https://git.kernel.org/stable/c/a470ed71c906cc8cbad0d74c9942216698911f8b
https://git.kernel.org/stable/c/c2e57695ec9ff9d42f23de70f3805199153d007b
https://git.kernel.org/stable/c/d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3
https://git.kernel.org/stable/c/e9ae00490d474757c0f9c65073de83e6bb1e5a00
https://git.kernel.org/stable/c/fe72340daaf1af588be88056faf98965f39e6032
https://lore.kernel.org/linux-cve-announce/2026052705-CVE-2026-46102-651a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46102
https://www.cve.org/CVERecord?id=CVE-2026-46102

History

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/a470ed71c906cc8cbad0d74c9942216698911f8b https://git.kernel.org/stable/c/c2e57695ec9ff9d42f23de70f3805199153d007b https://git.kernel.org/stable/c/d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3

Sat, 30 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 28 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-401

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026052705-CVE-2026-46102-651a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46102 https://www.cve.org/CVERecord?id=CVE-2026-46102
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 27 May 2026 20:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp->skb_head. That skb is not released in strp_abort_strp(), which leaks the partially assembled message and can be triggered repeatedly to exhaust memory. Fix this by freeing strp->skb_head and resetting the parser state in the abort path. Leave strp_stop() unchanged so final cleanup still happens in strp_done() after the work and timer have been synchronized.
Title		net: strparser: fix skb_head leak in strp_abort_strp()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/19ca9475f18f991735f98a22e735c43e95e6298d https://git.kernel.org/stable/c/5327dad2ffe9c1b49881dd6d51ff3c6893847568 https://git.kernel.org/stable/c/56082f442023db9be1a5a29d4ee361de4017c0b7 https://git.kernel.org/stable/c/e9ae00490d474757c0f9c65073de83e6bb1e5a00 https://git.kernel.org/stable/c/fe72340daaf1af588be88056faf98965f39e6032

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:59:09.526Z

Updated: 2026-06-14T17:54:34.668Z

Reserved: 2026-05-13T15:03:33.097Z

Link: CVE-2026-46102

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:32.323

Modified: 2026-06-17T10:53:04.200

Link: CVE-2026-46102

Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46102 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-30T12:45:23Z

Weaknesses

CWE-772

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object