APPLIED: [SRU][J][PATCH 0/1] CVE-2026-46266

Stefan Bader stefan.bader at canonical.com
Tue Jul 14 14:46:13 UTC 2026


On 24/06/2026 02:23, Cengiz Can via kernel-team wrote:
> https://ubuntu.com/security/CVE-2026-46266
> 
> [ Impact ]
> 
> A RAW socket opened on protocol IPPROTO_RAW (255) incorrectly matches incoming
> ICMP error packets whose embedded inner header carries protocol 255. A
> malicious ICMP packet (for example type 3, code 4) can therefore reach such a
> socket and trigger FNHE (forwarding next hop exception) cache changes in the
> routing layer. Per "man 7 raw", receiving of IP protocols via IPPROTO_RAW is
> not supposed to be possible, so these packets must be dropped rather than
> delivered.
> 
> [ Fix ]
> 
> jammy: backported with AI-assisted adaptation
> focal: backported with AI-assisted adaptation
> 
> [ Test Plan ]
> 
> Boot tested.
> 
> [ Where Problems Could Occur ]
> 
> If the fix is incorrect, it could affect delivery of legitimate traffic to RAW
> sockets in the IPv4 input path, or alter ICMP error handling and routing
> exception (FNHE) behavior in the inet subsystem.
> 

Applied to jammy:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 52669 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260714/a1579cb3/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260714/a1579cb3/attachment-0001.sig>


More information about the kernel-team mailing list