CVE Catalog

CVE-2026-46330

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

The Linux kernel reverts TCP ULP support for SMC due to a fundamental design flaw. The implementation modified the struct file, dentry, and inode of an active TCP socket, violating VFS invariants and causing use-after-free risks and system instability.

Risk Assessment

Organizations risk system crashes, memory corruption, or use-after-free attacks if using SMC TCP ULP. Immediate kernel update or feature disablement is recommended.

Recommendation

Update the Linux kernel to a version containing the revert of commit d7cd421da9da or later. If updating is not possible, disable SMC TCP ULP via module parameter or security policy.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an active TCP socket into an SMC socket by modifying the underlying `struct file`, dentry, and inode in-place, which violates core VFS invariants that assume these structures are immutable for an open file, creating a risk of use after free errors and general system instability. Given the severity of this design flaw and the fact that cleaner alternatives (e.g., LD_PRELOAD, BPF) exist for legacy application transparency, the correct course of action is to remove this feature entirely.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS