CVE Catalog

CVE-2026-46027

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

39th percentile - higher than 39% of all known CVEs

Summary

A vulnerability in the Linux kernel has been resolved in the smc_clc_wait_msg function. The issue involved handling connection declines during the early handshake stage, which could lead to incorrect updates of the link group synchronization state.

Risk Assessment

The vulnerability could lead to improper management of synchronization state, potentially affecting the stability of connections within link groups. Organizations should be aware of potential performance and reliability issues in their networks.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper management of link group synchronization state.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg() updates link-group level sync state for first-contact declines, but that state only exists after link group setup has completed. Guard the link-group update accordingly and keep the per-socket peer diagnosis handling unchanged. This preserves the existing sync_err handling for established link-group contexts and avoids touching link-group state before it is available.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS