CVE-2026-46027 - Vulnerability Details

- net/smc: avoid early lgr access in smc_clc_wait_msg

Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: avoid early lgr access in smc_clc_wait_msg

A CLC decline can be received while the handshake is still in an early
stage, before the connection has been associated with a link group.

The decline handling in smc_clc_wait_msg() updates link-group level sync
state for first-contact declines, but that state only exists after link
group setup has completed. Guard the link-group update accordingly and
keep the per-socket peer diagnosis handling unchanged.

This preserves the existing sync_err handling for established link-group
contexts and avoids touching link-group state before it is available.

Published: 2026-05-27

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0cfdd8f92cac01afbb12e4500514036a2b78756b`	affected	< 257cdf0c5ced9c0fba8aba501d94b0a5fcef2086
`0cfdd8f92cac01afbb12e4500514036a2b78756b`	affected	< 22546729b96fc873b23065dc49e3d73c45cfb874
`0cfdd8f92cac01afbb12e4500514036a2b78756b`	affected	< 5eedbfd82c2884e0010fdfb3c9446a6ebcadb691
`0cfdd8f92cac01afbb12e4500514036a2b78756b`	affected	< f0858e1d5624bb120b198f2a8528f97a9b0ae069
`0cfdd8f92cac01afbb12e4500514036a2b78756b`	affected	< 6180a296ca65b08a81914805cbc0f78da5f10a1f
`0cfdd8f92cac01afbb12e4500514036a2b78756b`	affected	< ea0b5d0fe96356dce38f98375a57c52a04e13712
`0cfdd8f92cac01afbb12e4500514036a2b78756b`	affected	< 83bcf9228b0501694fb2589ed1d142855a2887f2
`0cfdd8f92cac01afbb12e4500514036a2b78756b`	affected	< 5a8db80f721deee8e916c2cfdee78decda02ce4f

Linux

affected

Version	Status	Constraints
`4.11`	affected	—
`0`	unaffected	< 4.11
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[0cfdd8f92cac01afbb12e4500514036a2b78756b,f0858e1d5624bb120b198f2a8528f97a9b0ae069)`	affected	code_commit	—
`[0cfdd8f92cac01afbb12e4500514036a2b78756b,6180a296ca65b08a81914805cbc0f78da5f10a1f)`	affected	code_commit	—
`[0cfdd8f92cac01afbb12e4500514036a2b78756b,ea0b5d0fe96356dce38f98375a57c52a04e13712)`	affected	code_commit	—
`[0cfdd8f92cac01afbb12e4500514036a2b78756b,83bcf9228b0501694fb2589ed1d142855a2887f2)`	affected	code_commit	—
`[0cfdd8f92cac01afbb12e4500514036a2b78756b,5a8db80f721deee8e916c2cfdee78decda02ce4f)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.11`	affected	generic	—
`[0,4.11)`	unaffected	generic	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.86,6.13.0)`	unaffected	semver	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00501.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/22546729b96fc873b23065dc49e3d73c45cfb874
https://git.kernel.org/stable/c/257cdf0c5ced9c0fba8aba501d94b0a5fcef2086
https://git.kernel.org/stable/c/5a8db80f721deee8e916c2cfdee78decda02ce4f
https://git.kernel.org/stable/c/5eedbfd82c2884e0010fdfb3c9446a6ebcadb691
https://git.kernel.org/stable/c/6180a296ca65b08a81914805cbc0f78da5f10a1f
https://git.kernel.org/stable/c/83bcf9228b0501694fb2589ed1d142855a2887f2
https://git.kernel.org/stable/c/ea0b5d0fe96356dce38f98375a57c52a04e13712
https://git.kernel.org/stable/c/f0858e1d5624bb120b198f2a8528f97a9b0ae069
https://lore.kernel.org/linux-cve-announce/2026052748-CVE-2026-46027-91a3@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46027
https://www.cve.org/CVERecord?id=CVE-2026-46027

History

Tue, 16 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/22546729b96fc873b23065dc49e3d73c45cfb874 https://git.kernel.org/stable/c/257cdf0c5ced9c0fba8aba501d94b0a5fcef2086 https://git.kernel.org/stable/c/5eedbfd82c2884e0010fdfb3c9446a6ebcadb691

Sat, 30 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 28 May 2026 04:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-254

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-366
References		https://lore.kernel.org/linux-cve-announce/2026052748-CVE-2026-46027-91a3@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46027 https://www.cve.org/CVERecord?id=CVE-2026-46027
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 27 May 2026 23:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-254

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg() updates link-group level sync state for first-contact declines, but that state only exists after link group setup has completed. Guard the link-group update accordingly and keep the per-socket peer diagnosis handling unchanged. This preserves the existing sync_err handling for established link-group contexts and avoids touching link-group state before it is available.
Title		net/smc: avoid early lgr access in smc_clc_wait_msg
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/5a8db80f721deee8e916c2cfdee78decda02ce4f https://git.kernel.org/stable/c/6180a296ca65b08a81914805cbc0f78da5f10a1f https://git.kernel.org/stable/c/83bcf9228b0501694fb2589ed1d142855a2887f2 https://git.kernel.org/stable/c/ea0b5d0fe96356dce38f98375a57c52a04e13712 https://git.kernel.org/stable/c/f0858e1d5624bb120b198f2a8528f97a9b0ae069

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:56:35.628Z

Updated: 2026-06-14T17:48:56.975Z

Reserved: 2026-05-13T15:03:33.093Z

Link: CVE-2026-46027

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-27T14:17:21.303

Modified: 2026-06-17T10:52:55.480

Link: CVE-2026-46027

Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46027 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-17T22:15:02Z

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object