Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:6463 https://access.redhat.com/errata/RHSA-2026:6463
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:6461 https://access.redhat.com/errata/RHSA-2026:6461
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:6462 https://access.redhat.com/errata/RHSA-2026:6462
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:7107 https://access.redhat.com/errata/RHSA-2026:7107
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:9415 https://access.redhat.com/errata/RHSA-2026:9415
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:9732 https://access.redhat.com/errata/RHSA-2026:9732
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:10714 https://access.redhat.com/errata/RHSA-2026:10714
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:13750 https://access.redhat.com/errata/RHSA-2026:13750
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:14924 https://access.redhat.com/errata/RHSA-2026:14924
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:15891 https://access.redhat.com/errata/RHSA-2026:15891
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:15893 https://access.redhat.com/errata/RHSA-2026:15893
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2026:12071 https://access.redhat.com/errata/RHSA-2026:12071
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2026:15087 https://access.redhat.com/errata/RHSA-2026:15087
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2026:14773 https://access.redhat.com/errata/RHSA-2026:14773
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2026:17596 https://access.redhat.com/errata/RHSA-2026:17596