Linux Kernel Local FDB Entry Manipulation Risk
CVE-2026-46086
What is CVE-2026-46086?
The Linux kernel has a vulnerability in its handling of local FDB entries: an update can leave RCU readers observing inconsistent values. When fdb_delete_local() modifies an entry's destination (f->dst), a concurrent reader can see an outdated or NULL value. This inconsistency can lead to a NULL pointer dereference and potential disruption of network services. The fix has RCU readers take a stable snapshot, so that all checks and accesses use a consistent view of the data.
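The check-then-use pattern described above, as an added userspace C model that is not the kernel's code or the actual patch: one reader loads f->dst separately for its check and its use, the other takes a single snapshot. The struct layout, function names, the `race` hook and the ifindex value 7 are assumptions made for illustration; only `f->dst` and `fdb_delete_local()` come from the advisory.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model with hypothetical names; not kernel code. */
struct port { int ifindex; };
struct fdb_entry { _Atomic(struct port *) dst; };

/* Stand-in for a concurrent writer (the role fdb_delete_local() plays):
 * it runs between the reader's check and its use. */
typedef void (*writer_hook)(struct fdb_entry *);
void writer_clears_dst(struct fdb_entry *f)
{
    atomic_store(&f->dst, (struct port *)NULL);
}

/* Before: two independent loads of f->dst, so check and use can disagree.
 * Returns -1 at the point where an unguarded reader would dereference NULL. */
int reader_double_fetch(struct fdb_entry *f, writer_hook race)
{
    if (!atomic_load(&f->dst))
        return 0;                           /* no destination */
    if (race)
        race(f);                            /* writer updates f->dst here */
    struct port *p = atomic_load(&f->dst);  /* second load, may differ */
    return p ? p->ifindex : -1;
}

/* After: one load into a local; every check and access uses that snapshot.
 * In the kernel the old object stays valid for the RCU read-side section;
 * here the port is simply never freed. */
int reader_snapshot(struct fdb_entry *f, writer_hook race)
{
    struct port *dst = atomic_load(&f->dst);
    if (!dst)
        return 0;
    if (race)
        race(f);                            /* later writes do not affect dst */
    return dst->ifindex;
}

int main(void)
{
    static struct port p = { 7 };           /* constructed sample value */
    struct fdb_entry f;
    atomic_init(&f.dst, &p);
    printf("double fetch: %d\n", reader_double_fetch(&f, writer_clears_dst));
    atomic_store(&f.dst, &p);
    printf("snapshot:     %d\n", reader_snapshot(&f, writer_clears_dst));
    return 0;
}
```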
Affected Version(s)
Linux 960b589f86c74ce582922fcb996103271081f4de < 0b9e4bbfb7c949151e3acd44ed4aa33614d2e110
Linux 960b589f86c74ce582922fcb996103271081f4de < 81af4137a30c4c2dc694dea8cacb180bd66000ef
Linux 960b589f86c74ce582922fcb996103271081f4de < 5424e678f9b304e148cf5dcc047cffc7a56a3bb5