ACK: [SRU][Q][PATCH 0/1] CVE-2026-46266
Alessio Faina
alessio.faina at canonical.com
Thu Jun 18 10:55:57 UTC 2026
On Thu, Jun 18, 2026 at 08:53:55AM +0300, Cengiz Can via kernel-team wrote:
> https://ubuntu.com/security/CVE-2026-46266
>
> [ Impact ]
>
> A RAW socket bound to protocol IPPROTO_RAW (255) incorrectly received incoming
> packets, despite the documented behavior that IPPROTO_RAW is send-only and
> cannot be used to receive any IP protocol. A malicious incoming ICMP packet can
> set its inner protocol field to 255 to match such a socket, leading to FNHE
> (Forwarding Next Hop Exception) cache changes. This allows an attacker to
> manipulate routing exceptions for arbitrary destinations on systems where any
> RAW IPPROTO_RAW socket exists.
>
> [ Fix ]
>
> questing: clean cherry-pick
>
> [ Test Plan ]
>
> Boot tested.
>
> [ Where Problems Could Occur ]
>
> A regression in the IPv4 RAW socket code could incorrectly drop legitimate
> packets destined for other RAW socket consumers or alter ICMP error delivery
> behavior. Any fault would be confined to the inet RAW socket and ICMP handling
> paths in the networking subsystem.
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Alessio Faina <alessio.faina at canonical.com>
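
Added example, not part of the original message or of the patch: the impact text says exposure depends on whether any RAW IPPROTO_RAW socket exists, so this sketch lists such sockets from /proc/net/raw on a host awaiting the fixed kernel. It relies on the /proc/net/raw layout, where the hex value after the colon in local_address is the socket's protocol number; the sample rows and the function name are constructed for illustration.

```python
"""List IPv4 RAW sockets bound to IPPROTO_RAW (255) from /proc/net/raw text."""
import sys

IPPROTO_RAW = 255

# Constructed sample in /proc/net/raw layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20111 2 0000000000000000 0
 255: 00000000:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 20345 2 0000000000000000 0
truncated line
"""


def find_ipproto_raw_sockets(text):
    """Return [{'uid': int, 'inode': int}] for sockets whose protocol is 255."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        # The header row and damaged rows fail these checks and are skipped.
        if len(fields) < 10 or ":" not in fields[1]:
            continue
        try:
            # local_address is ADDR:NUM in hex; for RAW sockets NUM is the protocol.
            proto = int(fields[1].rsplit(":", 1)[1], 16)
            uid, inode = int(fields[7]), int(fields[9])
        except ValueError:
            continue
        if proto == IPPROTO_RAW:
            hits.append({"uid": uid, "inode": inode})
    return hits


if __name__ == "__main__":
    # Pass /proc/net/raw as the argument on a live host; default is the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for hit in find_ipproto_raw_sockets(data):
        print("IPPROTO_RAW socket: uid=%d inode=%d" % (hit["uid"], hit["inode"]))
```

Each reported inode can be matched against the socket:[inode] links under /proc/<pid>/fd to identify the owning process.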