๐Ÿ” CVE Alert

CVE-2026-45843

HIGH 8.2

slip: bound decode() reads against the compressed packet length

CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing a pointer through the packet via decode() and pull16(). Neither helper bounds-checks against isize, and decode() masks its return with & 0xffff so it can never return the -1 that callers test for -- those error paths are dead code. A short compressed frame whose change byte requests optional fields lets decode() read past the end of the packet. The over-read bytes are folded into the cached cstate and reflected into subsequent reconstructed packets. Make decode() and pull16() take the packet end pointer and return -1 when exhausted. Add a bounds check before the TCP-checksum read. The existing == -1 tests now do what they were always meant to.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published May 27, 2026
Last Updated Jun 1, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6268f01ae989013671b526c883e92655342c6f6f 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9aafba2f49e1fcccc2018816f5836a609c925879 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 335957df4ed60f02a2ec0432fbedbf0cc7241d8b 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 37537e42e6df387398bee85cb85070cc80bb1e10 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4cefe32639933d652614b0bd50f818f9af4af78f 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0511ecb00e61bf28e2fec4bb41fcce385c3a3b2d 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d42bec6e4f6d6d658be365539400b3314b76b2a7 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4c1367a2d7aad643a6f87c6931b13cc1a25e8ca7
Linux / Linux
2.6.12

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/6268f01ae989013671b526c883e92655342c6f6f git.kernel.org: https://git.kernel.org/stable/c/9aafba2f49e1fcccc2018816f5836a609c925879 git.kernel.org: https://git.kernel.org/stable/c/335957df4ed60f02a2ec0432fbedbf0cc7241d8b git.kernel.org: https://git.kernel.org/stable/c/37537e42e6df387398bee85cb85070cc80bb1e10 git.kernel.org: https://git.kernel.org/stable/c/4cefe32639933d652614b0bd50f818f9af4af78f git.kernel.org: https://git.kernel.org/stable/c/0511ecb00e61bf28e2fec4bb41fcce385c3a3b2d git.kernel.org: https://git.kernel.org/stable/c/d42bec6e4f6d6d658be365539400b3314b76b2a7 git.kernel.org: https://git.kernel.org/stable/c/4c1367a2d7aad643a6f87c6931b13cc1a25e8ca7