SB2026060414 - Improper input validation in Linux kernel ipv6
Published: June 4, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper input validation (CVE-ID: CVE-2026-46266)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to alter forwarding and path MTU exception handling state.
The vulnerability exists due to improper input validation in RAW socket handling in the IPv4 and IPv6 ICMP error delivery paths when processing malicious incoming ICMP packets with an embedded packet header using protocol 255. A remote attacker can send a specially crafted ICMP packet to alter forwarding and path MTU exception handling state.
Exploitation requires the presence of a RAW socket created with IPPROTO_RAW.
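A host-side check for the precondition above, as an added example that is not part of the original bulletin: it reads /proc/net/raw and /proc/net/raw6, where the port part of local_address holds the socket's protocol number, and reports sockets whose protocol is 255. The sample table and all function names are constructed for illustration.

```python
import os
IPPROTO_RAW = 255
PROC_FILES = (("/proc/net/raw", "ipv4"), ("/proc/net/raw6", "ipv6"))  # current netns only
# Constructed sample in /proc/net/raw layout (not captured from a real host).
SAMPLE_RAW = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20111 2 0000000000000000 0
 255: 00000000:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 20345 2 0000000000000000 0
"""

def parse_raw_table(text, family):
    """Return uid/inode of each RAW socket whose protocol is IPPROTO_RAW.

    For RAW sockets the port part of local_address is the protocol number (hex).
    """
    hits = []
    for line in text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        try:
            proto = int(fields[1].rsplit(":", 1)[1], 16)
            uid, inode = int(fields[7]), int(fields[9])
        except (IndexError, ValueError):
            continue  # truncated or unexpected row
        if proto == IPPROTO_RAW:
            hits.append({"family": family, "uid": uid, "inode": inode})
    return hits

def owners(inode):
    """Best-effort PIDs holding the socket; root is needed to see other users' fds."""
    target, pids = f"socket:[{inode}]", []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fds = os.listdir(f"/proc/{pid}/fd")
            if any(os.readlink(f"/proc/{pid}/fd/{fd}") == target for fd in fds):
                pids.append(int(pid))
        except OSError:
            continue  # process exited or access denied
    return pids

def scan_host():
    """Parse both proc tables on the running host and collect protocol-255 sockets."""
    hits = []
    for path, family in PROC_FILES:
        try:
            with open(path) as fh:
                hits += parse_raw_table(fh.read(), family)
        except OSError:
            continue  # file absent, e.g. IPv6 disabled
    return hits

if __name__ == "__main__":
    for hit in scan_host():
        print(hit, "pids:", owners(hit["inode"]))
```

A hit shows only that the stated precondition is present in the current network namespace; whether the running kernel already carries the vendor update is a separate check.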
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/19e42490c89bac9a388f28179e66bebbef350f99
- https://git.kernel.org/stable/c/531c1aec81bfe19d00af13da5531fbb8209e4bd2
- https://git.kernel.org/stable/c/719d3932b8f6e3348ce2f0ac58e278301fc17575
- https://git.kernel.org/stable/c/c89477ad79446867394360b29bb801010fc3ff22
- https://git.kernel.org/stable/c/db76b75ede3810e7cf9cfea5067d4f3e0993768b