SB20260529110 - Incorrect calculation in Linux kernel ipv6
Published: May 29, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Incorrect calculation (CVE-ID: CVE-2026-46193)
CWE-ID: CWE-682 - Incorrect Calculation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of ESN high bits in the async callbacks of the AH implementation when AH packets are processed with ESN enabled and an asynchronous AH implementation in use. A local user can send specially crafted AH traffic to cause a denial of service.
The issue affects both IPv4 and IPv6 AH paths, and exploitation requires ESN to be enabled with an asynchronous AH implementation selected.
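To check a host against the two preconditions above, the following added example (not part of the original bulletin or of the kernel project) parses `ip xfrm state` output for AH security associations carrying the `esn` flag and marks those whose authentication algorithm has an async driver listed in `/proc/crypto`. Assumptions: the sample inputs and the function names `async_algs` and `ah_esn_sas` are constructed for illustration, and reading an `async : yes` driver as the "asynchronous AH implementation" is a heuristic, since the kernel may select a different driver for the same algorithm.

```python
# Constructed samples of `ip xfrm state` and /proc/crypto (not from a real host).
SAMPLE_XFRM = """\
src 192.0.2.1 dst 192.0.2.2
\tproto ah spi 0x00000101 reqid 1 mode transport
\treplay-window 0 flag esn
\tauth-trunc hmac(sha256) 0x00 128
src 2001:db8::1 dst 2001:db8::2
\tproto ah spi 0x00000102 reqid 2 mode transport
\treplay-window 32
\tauth-trunc hmac(sha1) 0x00 96
src 192.0.2.1 dst 192.0.2.3
\tproto esp spi 0x00000103 reqid 3 mode tunnel
\treplay-window 0 flag af-unspec esn
\taead rfc4106(gcm(aes)) 0x00 128
"""
SAMPLE_CRYPTO = """\
name         : hmac(sha256)
driver       : example-async-hmac-sha256
type         : ahash
async        : yes

name         : hmac(sha1)
driver       : hmac(sha1-generic)
type         : shash
"""

def async_algs(crypto_text):
    """Algorithm names that have at least one driver marked 'async : yes'."""
    names = set()
    for block in crypto_text.strip().split("\n\n"):
        kv = {k.strip(): v.strip() for k, _, v in (l.partition(":") for l in block.splitlines())}
        if kv.get("async") == "yes":
            names.add(kv.get("name"))
    return names

def ah_esn_sas(xfrm_text, crypto_text):
    """AH SAs with the esn flag; async_impl is a heuristic (assumption, see lead-in)."""
    asyncs, sas, cur = async_algs(crypto_text), [], None
    for f in (line.split() for line in xfrm_text.splitlines()):
        if f[:1] == ["src"]:                      # top-level line starts a new SA
            cur = {"src": f[1], "dst": f[3], "proto": None, "esn": False, "auth": None}
            sas.append(cur)
        elif cur and f[:1] == ["proto"]:
            cur["proto"], cur["spi"] = f[1], f[3]
        elif cur and "flag" in f:                 # flags follow the word "flag"
            cur["esn"] = "esn" in f[f.index("flag"):]
        elif cur and f[:1] in (["auth"], ["auth-trunc"]):
            cur["auth"] = f[1]
    return [dict(s, async_impl=s["auth"] in asyncs) for s in sas if s["proto"] == "ah" and s["esn"]]
```

On a live host, pass the output of `ip xfrm state` and the contents of `/proc/crypto` in place of the samples.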
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0555d4f526232b3c9e3afbcd490c0c0793aefec6
- https://git.kernel.org/stable/c/2ffaa7a94f9a4d22724364a1821735a0231d9f8d
- https://git.kernel.org/stable/c/729899a2aa8bda7844be0cdcd3b470f11b912eda
- https://git.kernel.org/stable/c/7db99a09b3bc87268287bc7ab5f2e7f382b5ad87
- https://git.kernel.org/stable/c/ec54093e6a8f87e800bb6aa15eb7fc1e33faa524