CVE-2026-46037

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv4: icmp: validate reply type before using icmp_pointers

Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type. That value is outside the range covered by icmp_pointers[], which only describes the traditional ICMP types up to NR_ICMP_TYPES.

Avoid consulting icmp_pointers[] for reply types outside that range, and use array_index_nospec() for the remaining in-range lookup. Normal ICMP replies keep their existing behavior unchanged.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd329ea5bd8845f0b196bf41b18b6173340d6e0e4 < b3a88fc5ae024d43c5ecf653f3bbe837e4a6dc99affected
LinuxLinuxd329ea5bd8845f0b196bf41b18b6173340d6e0e4 < 93df2af4f491de33827550b9d420f01808c0706baffected
LinuxLinuxd329ea5bd8845f0b196bf41b18b6173340d6e0e4 < 92e7c209036dcc0e8ffdf806fdfd3645b263bea5affected
LinuxLinuxd329ea5bd8845f0b196bf41b18b6173340d6e0e4 < bc64a66e0b9ad937d3d49934242ee62b01ba9a94affected
LinuxLinuxd329ea5bd8845f0b196bf41b18b6173340d6e0e4 < c2178ff1c70ebfc2ab9651b230c58a34683db759affected
LinuxLinuxd329ea5bd8845f0b196bf41b18b6173340d6e0e4 < d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1affected
LinuxLinuxd329ea5bd8845f0b196bf41b18b6173340d6e0e4 < 67bf002a2d7387a6312138210d0bd06e3cf4879baffected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.140 <= 6.6.*unaffected
LinuxLinux6.12.86 <= 6.12.*unaffected
LinuxLinux6.18.27 <= 6.18.*unaffected
LinuxLinux7.0.4 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References