CVE Catalog

CVE-2026-46266

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.06%

19th percentile — higher than 19% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel concerning RAW sockets using the IPPROTO_RAW protocol. A malicious ICMP packet can lead to unauthorized changes in the FNHE cache.

Risk Assessment

Organizations may be exposed to attacks that exploit this vulnerability to manipulate network traffic, potentially leading to serious security issues.

Recommendation

It is recommended that administrators ensure all incoming ICMP packets are dropped by RAW sockets using the IPPROTO_RAW protocol.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO_RAW (255) was dangerous. socket(AF_INET, SOCK_RAW, 255); A malicious incoming ICMP packet can set the protocol field to 255 and match this socket, leading to FNHE cache changes. inner = IP(src="192.168.2.1", dst="8.8.8.8", proto=255)/Raw("TEST") pkt = IP(src="192.168.1.1", dst="192.168.2.1")/ICMP(type=3, code=4, nexthopmtu=576)/inner "man 7 raw" states: A protocol of IPPROTO_RAW implies enabled IP_HDRINCL and is able to send any IP protocol that is specified in the passed header. Receiving of all IP protocols via IPPROTO_RAW is not possible using raw sockets. Make sure we drop these malicious packets.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS