MNBSD-2026-21: KTLS receive path may overwrite file-backed memory via shared mbufs

Severity: Unknown

Affected Package: kernel

Summary: KTLS receive path may overwrite file-backed memory via shared mbufs

Description

The KTLS receive path could decrypt records in place into detached records that contained non-anonymous M_EXTPG pages or sendfile EXT_SFBUF mbufs. Those buffers may reference file-backed memory that must not be modified by the receive path, leading to memory/data corruption. Fixed by rejecting shared mbufs on receive decrypt.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2026-45257

Published: June 11, 2026
Last Modified: June 11, 2026