CVE-2026-53151

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix the ACK parser to extract the SACK table for parsing

Fix modification of the received skbuff in rxrpc input soft acks() and a potential incorrect access of the buffer in a fragmented UDP packet (the packet would probably have to be deliberately pre-generated as fragmented) when AF RXRPC tries to extract the contents of the SACK table by copying out the contents of the SACK table into a buffer before attempting to parse

AF RXRPC assumes that it can just call skb condense() and then validly access the SACK table from skb->data and that it will be a flat buffer - but skb condense() can silently fail to do anything under some circumstances.

Note that whilst rxrpc input soft acks() should be able to parse extended ACKs, the rest of AF RXRPC doesn't currently support that.

Further, there's then no need to call skb condense() in rxrpc input ack(), so don't.