CVE-2026-46027

Source
https://cve.org/CVERecord?id=CVE-2026-46027
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46027.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46027
Downstream
Related
Published
2026-05-27T12:56:35.628Z
Modified
2026-06-18T03:56:03.050267329Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
net/smc: avoid early lgr access in smc_clc_wait_msg
Details

In the Linux kernel, the following vulnerability has been resolved:

net/smc: avoid early lgr access in smcclcwait_msg

A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group.

The decline handling in smcclcwait_msg() updates link-group level sync state for first-contact declines, but that state only exists after link group setup has completed. Guard the link-group update accordingly and keep the per-socket peer diagnosis handling unchanged.

This preserves the existing sync_err handling for established link-group contexts and avoids touching link-group state before it is available.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46027.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0cfdd8f92cac01afbb12e4500514036a2b78756b
Fixed
257cdf0c5ced9c0fba8aba501d94b0a5fcef2086
Fixed
22546729b96fc873b23065dc49e3d73c45cfb874
Fixed
5eedbfd82c2884e0010fdfb3c9446a6ebcadb691
Fixed
f0858e1d5624bb120b198f2a8528f97a9b0ae069
Fixed
6180a296ca65b08a81914805cbc0f78da5f10a1f
Fixed
ea0b5d0fe96356dce38f98375a57c52a04e13712
Fixed
83bcf9228b0501694fb2589ed1d142855a2887f2
Fixed
5a8db80f721deee8e916c2cfdee78decda02ce4f

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46027.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.11.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46027.json"