{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46037", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.093Z", "datePublished": "2026-05-27T12:56:47.795Z", "dateUpdated": "2026-06-01T16:17:22.343Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-01T16:17:22.343Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: icmp: validate reply type before using icmp_pointers\n\nExtended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type.\nThat value is outside the range covered by icmp_pointers[], which only\ndescribes the traditional ICMP types up to NR_ICMP_TYPES.\n\nAvoid consulting icmp_pointers[] for reply types outside that range, and\nuse array_index_nospec() for the remaining in-range lookup. Normal ICMP\nreplies keep their existing behavior unchanged."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "baseScore": 8.2, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/icmp.c"], "versions": [{"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4", "lessThan": "b3a88fc5ae024d43c5ecf653f3bbe837e4a6dc99", "status": "affected", "versionType": "git"}, {"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4", "lessThan": "93df2af4f491de33827550b9d420f01808c0706b", "status": "affected", "versionType": "git"}, {"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4", "lessThan": "92e7c209036dcc0e8ffdf806fdfd3645b263bea5", "status": "affected", "versionType": "git"}, {"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4", "lessThan": "bc64a66e0b9ad937d3d49934242ee62b01ba9a94", "status": "affected", "versionType": "git"}, {"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4", "lessThan": "c2178ff1c70ebfc2ab9651b230c58a34683db759", "status": "affected", "versionType": "git"}, {"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4", "lessThan": "d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1", "status": "affected", "versionType": "git"}, {"version": "d329ea5bd8845f0b196bf41b18b6173340d6e0e4", "lessThan": "67bf002a2d7387a6312138210d0bd06e3cf4879b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/icmp.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b3a88fc5ae024d43c5ecf653f3bbe837e4a6dc99"}, {"url": "https://git.kernel.org/stable/c/93df2af4f491de33827550b9d420f01808c0706b"}, {"url": "https://git.kernel.org/stable/c/92e7c209036dcc0e8ffdf806fdfd3645b263bea5"}, {"url": "https://git.kernel.org/stable/c/bc64a66e0b9ad937d3d49934242ee62b01ba9a94"}, {"url": "https://git.kernel.org/stable/c/c2178ff1c70ebfc2ab9651b230c58a34683db759"}, {"url": "https://git.kernel.org/stable/c/d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1"}, {"url": "https://git.kernel.org/stable/c/67bf002a2d7387a6312138210d0bd06e3cf4879b"}], "title": "ipv4: icmp: validate reply type before using icmp_pointers", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: icmp: validate reply type before using icmp_pointers\n\nExtended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type.\nThat value is outside the range covered by icmp_pointers[], which only\ndescribes the traditional ICMP types up to NR_ICMP_TYPES.\n\nAvoid consulting icmp_pointers[] for reply types outside that range, and\nuse array_index_nospec() for the remaining in-range lookup. Normal ICMP\nreplies keep their existing behavior unchanged."}], "id": "CVE-2026-46037", "lastModified": "2026-06-01T17:17:19.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-05-27T14:17:23.027", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/67bf002a2d7387a6312138210d0bd06e3cf4879b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/92e7c209036dcc0e8ffdf806fdfd3645b263bea5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/93df2af4f491de33827550b9d420f01808c0706b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b3a88fc5ae024d43c5ecf653f3bbe837e4a6dc99"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bc64a66e0b9ad937d3d49934242ee62b01ba9a94"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c2178ff1c70ebfc2ab9651b230c58a34683db759"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ipv4: icmp: validate reply type before using icmp_pointers", "id": "2482061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482061"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1285", "details": ["A flaw was found in the Linux kernel, specifically within its IPv4 Internet Control Message Protocol (ICMP) component. This vulnerability occurs because the system does not properly check the type of ICMP replies before attempting to process them. An attacker could potentially exploit this by sending specially crafted extended echo replies, which might cause the system to access memory outside of its intended boundaries. This could lead to system instability, such as a crash, or potentially expose sensitive information."], "name": "CVE-2026-46037", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46037\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46037\nhttps://lore.kernel.org/linux-cve-announce/2026052750-CVE-2026-46037-aa9f@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d329ea5bd8845f0b196bf41b18b6173340d6e0e4,92e7c209036dcc0e8ffdf806fdfd3645b263bea5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d329ea5bd8845f0b196bf41b18b6173340d6e0e4,bc64a66e0b9ad937d3d49934242ee62b01ba9a94)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d329ea5bd8845f0b196bf41b18b6173340d6e0e4,c2178ff1c70ebfc2ab9651b230c58a34683db759)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d329ea5bd8845f0b196bf41b18b6173340d6e0e4,d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d329ea5bd8845f0b196bf41b18b6173340d6e0e4,67bf002a2d7387a6312138210d0bd06e3cf4879b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.13"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.13)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.140,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.86,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.27,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.4,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T18:30:26.982267+00:00", "updated": "2026-05-30T14:45:25.475634+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}