CVE-2026-46037

Source
https://cve.org/CVERecord?id=CVE-2026-46037
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46037.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46037
Published
2026-05-27T12:56:47.795Z
Modified
2026-07-02T09:29:17.337972744Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Summary
ipv4: icmp: validate reply type before using icmp_pointers
Details

In the Linux kernel, the following vulnerability has been resolved:

ipv4: icmp: validate reply type before using icmp_pointers

Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type. That value is outside the range covered by icmp_pointers[], which only describes the traditional ICMP types up to NR_ICMP_TYPES.

Avoid consulting icmp_pointers[] for reply types outside that range, and use array_index_nospec() for the remaining in-range lookup. Normal ICMP replies keep their existing behavior unchanged.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46037.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d329ea5bd8845f0b196bf41b18b6173340d6e0e4
Fixed
b3a88fc5ae024d43c5ecf653f3bbe837e4a6dc99
Fixed
93df2af4f491de33827550b9d420f01808c0706b
Fixed
92e7c209036dcc0e8ffdf806fdfd3645b263bea5
Fixed
bc64a66e0b9ad937d3d49934242ee62b01ba9a94
Fixed
c2178ff1c70ebfc2ab9651b230c58a34683db759
Fixed
d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1
Fixed
67bf002a2d7387a6312138210d0bd06e3cf4879b

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46037.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46037.json"