Out-of-bounds Read Affecting rv package, versions *


Severity

Recommended
0.0
medium
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.48% (38th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS10-RV-17592217
  • published27 Jun 2026
  • disclosed25 Jun 2026

Introduced: 25 Jun 2026

NewCVE-2026-53151  (opens in a new tab)
CWE-125  (opens in a new tab)

How to fix?

There is no fixed version for Centos:10 rv.

NVD Description

Note: Versions mentioned in the description apply only to the upstream rv package and not the rv package as distributed by Centos. See How to fix? for Centos:10 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix the ACK parser to extract the SACK table for parsing

Fix modification of the received skbuff in rxrpc_input_soft_acks() and a potential incorrect access of the buffer in a fragmented UDP packet (the packet would probably have to be deliberately pre-generated as fragmented) when AF_RXRPC tries to extract the contents of the SACK table by copying out the contents of the SACK table into a buffer before attempting to parse

AF_RXRPC assumes that it can just call skb_condense() and then validly access the SACK table from skb->data and that it will be a flat buffer - but skb_condense() can silently fail to do anything under some circumstances.

Note that whilst rxrpc_input_soft_acks() should be able to parse extended ACKs, the rest of AF_RXRPC doesn't currently support that.

Further, there's then no need to call skb_condense() in rxrpc_input_ack(), so don't.

CVSS Base Scores

version 3.1