SCTP Association Vulnerability in Linux Kernel
CVE-2026-46227

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 May 2026

What is CVE-2026-46227?

A flaw has been identified in how the Linux kernel handles SCTP associations, specifically in the SCTP_SENDALL path of sctp_sendmsg(). While that path iterates over associations, the socket lock can be dropped, and a race in that window leaves the iteration holding stale references to cached data. The result can be a use-after-free or type confusion, potentially allowing an attacker to execute arbitrary code through controlled indirect calls. The vulnerability highlights the need to carefully re-validate pointers after socket operations to prevent such weaknesses.
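
The bug class described above, as an added userspace model (not kernel code and not the upstream fix): a loop caches the next list entry, the per-entry operation drops the lock, and the cached entry is torn down in that window. All names here (assoc, endpoint, send_drops_lock, sendall_cached, sendall_revalidated) are hypothetical, and a "dead" flag stands in for freed memory so the model stays safe to run.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed userspace model, not kernel code: "dead" stands in for freed. */
struct assoc { int id; bool dead; struct assoc *next; };
struct endpoint { struct assoc *head; };

/* Build the list 1 -> 2 -> 3 in caller-provided storage. */
static void build(struct endpoint *ep, struct assoc n[3]) {
    for (int i = 0; i < 3; i++)
        n[i] = (struct assoc){ i + 1, false, i < 2 ? &n[i + 1] : NULL };
    ep->head = &n[0];
}

/* Models the window in which the lock is dropped during a send: a
 * concurrent teardown unlinks association `victim` and marks it dead. */
static void send_drops_lock(struct endpoint *ep, int victim) {
    for (struct assoc **pp = &ep->head; *pp; pp = &(*pp)->next)
        if ((*pp)->id == victim) {
            (*pp)->dead = true;
            *pp = (*pp)->next;
            return;
        }
}

/* Flawed pattern: the next pointer is cached before the send. Returns how
 * many dead associations the loop went on to touch. */
static int sendall_cached(struct endpoint *ep, int victim) {
    int stale = 0;
    for (struct assoc *cur = ep->head, *tmp; cur; cur = tmp) {
        tmp = cur->next;               /* cached while the lock is held */
        if (cur->dead) { stale++; continue; }
        send_drops_lock(ep, victim);   /* tmp may now be stale */
    }
    return stale;
}

/* Re-validating pattern: after the send, check that cur is still live and
 * only then re-read its next pointer from the list. */
static int sendall_revalidated(struct endpoint *ep, int victim) {
    int stale = 0;
    for (struct assoc *cur = ep->head; cur; ) {
        if (cur->dead) { stale++; break; }
        send_drops_lock(ep, victim);
        cur = cur->dead ? NULL : cur->next;
    }
    return stale;
}
```

With association 2 torn down while association 1 is being served, the cached-pointer loop touches one dead entry and the re-validating loop touches none.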

Affected Version(s)

Linux 4910280503f3af2857d5aa77e35b22d93a8960a8 < 1bfb06ecb00f7fdf35dba8e8f2877346cbe5e078

Linux 4910280503f3af2857d5aa77e35b22d93a8960a8 < 6187a172d6ed57d6b2c327836e4407c6456e639d

Linux 4910280503f3af2857d5aa77e35b22d93a8960a8

Timeline

  • Vulnerability published

  • Vulnerability Reserved
