Severity: Unknown
Affected Package: kernel
Summary: KTLS receive path may overwrite file-backed memory via shared mbufs
The KTLS receive path could decrypt records in place into detached records that contained non-anonymous M_EXTPG pages or sendfile EXT_SFBUF mbufs. Those buffers may reference file-backed memory that must not be modified by the receive path, leading to memory/data corruption. Fixed by rejecting shared mbufs on receive decrypt.
No specific recommendations provided.
Aliases: CVE-2026-45257
Published: June 11, 2026
Last Modified: June 11, 2026