Incorrect calculation in Linux kernel - CVE-2026-46193

 


Published: May 29, 2026


Vulnerability identifier: #VU133009
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-46193
CWE-ID: CWE-682
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software: Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper handling of the ESN (Extended Sequence Number) high bits in the asynchronous callbacks of the AH (Authentication Header) implementation. The flaw is reached when AH packets are processed with ESN enabled and an asynchronous AH implementation in use. A local user can send specially crafted AH traffic to cause a denial of service.

The issue affects both IPv4 and IPv6 AH paths, and exploitation requires ESN to be enabled with an asynchronous AH implementation selected.


How to mitigate CVE-2026-46193

Install the security update from the vendor's repository.
