CVE-2026-46266

CRITICAL · CVSS 3.1: 9.1 · EPSS 26.5%
Published Jun 3, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP

Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO_RAW (255) was dangerous.

    socket(AF_INET, SOCK_RAW, 255);

A malicious incoming ICMP packet can set the protocol field to 255 and match this socket, leading to FNHE cache changes.

    inner = IP(src="192.168.2.1", dst="8.8.8.8", proto=255)/Raw("TEST")
    pkt = IP(src="192.168.1.1", dst="192.168.2.1")/ICMP(type=3, code=4, nexthopmtu=576)/inner

"man 7 raw" states:

  A protocol of IPPROTO_RAW implies enabled IP_HDRINCL and is able to send any IP protocol that is specified in the passed header. Receiving of all IP protocols via IPPROTO_RAW is not possible using raw sockets.

Make sure we drop these malicious packets.
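The description names one precondition: a raw socket opened with protocol 255 exists on the host. The following audit script is an added example, not part of the kernel patch or this advisory; it inventories such sockets from /proc/net/raw so they can be reviewed on kernels that have not yet been updated. It relies on the /proc/net/raw layout, where the port half of local_address holds the socket's protocol number in hex; the sample table and the helper names are constructed for illustration.

```python
# Added audit example (not from the kernel patch): list IPv4 raw sockets
# created with protocol IPPROTO_RAW (255) by parsing /proc/net/raw.
import os

IPPROTO_RAW = 255
PROC_NET_RAW = "/proc/net/raw"

# Constructed sample in /proc/net/raw layout. For raw sockets the "port"
# half of local_address carries the protocol number in hex (00FF = 255).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20111 2 0000000000000000 0
 255: 0100007F:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 31337 2 0000000000000000 0
"""

def parse_raw_table(text):
    """Yield (protocol, uid, inode) per socket row; skip malformed rows."""
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 10 or ":" not in f[1]:
            continue
        try:
            yield int(f[1].rsplit(":", 1)[1], 16), int(f[7]), int(f[9])
        except ValueError:
            continue

def ipproto_raw_sockets(text):
    """Return [(uid, inode)] for sockets created with protocol 255."""
    return [(uid, ino) for proto, uid, ino in parse_raw_table(text)
            if proto == IPPROTO_RAW]

def owners_of(inode, proc="/proc"):
    """Map a socket inode to the PIDs holding it (root needed for other users)."""
    target, pids = f"socket:[{inode}]", []
    for pid in (p for p in os.listdir(proc) if p.isdigit()) if os.path.isdir(proc) else ():
        try:
            fds = os.listdir(f"{proc}/{pid}/fd")
            if any(os.readlink(f"{proc}/{pid}/fd/{fd}") == target for fd in fds):
                pids.append(int(pid))
        except OSError:                         # process exited or access denied
            continue
    return pids

if __name__ == "__main__":
    # Fall back to the constructed sample when not running on Linux.
    text = open(PROC_NET_RAW).read() if os.path.exists(PROC_NET_RAW) else SAMPLE
    for uid, inode in ipproto_raw_sockets(text):
        print(f"IPPROTO_RAW socket: uid={uid} inode={inode} pids={owners_of(inode)}")
```

An empty result means no process currently holds an IPPROTO_RAW socket; it does not replace installing one of the fixed kernel versions listed under Affected Products.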

CVSS Details

Base Score
9.1
Exploitability
3.9
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
26.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 9

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.12.1 – <6.6.128
linux   linux_kernel  *        ≥6.7 – <6.12.75
linux   linux_kernel  *        ≥6.13 – <6.18.14
linux   linux_kernel  *        ≥6.19 – <6.19.4
linux   linux_kernel  2.6.12   any
linux   linux_kernel  2.6.12   any
linux   linux_kernel  2.6.12   any
linux   linux_kernel  2.6.12   any
linux   linux_kernel  2.6.12   any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/19e42490c89bac9a388f28179e66bebbef350f99
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/531c1aec81bfe19d00af13da5531fbb8209e4bd2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/719d3932b8f6e3348ce2f0ac58e278301fc17575
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c89477ad79446867394360b29bb801010fc3ff22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db76b75ede3810e7cf9cfea5067d4f3e0993768b
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/19e42490c89bac9a388f28179e66bebbef350f99
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/531c1aec81bfe19d00af13da5531fbb8209e4bd2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/719d3932b8f6e3348ce2f0ac58e278301fc17575
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c89477ad79446867394360b29bb801010fc3ff22
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db76b75ede3810e7cf9cfea5067d4f3e0993768b
    Patch