inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
Yizhou Zhao reported that simply having one RAW socket on protocol
IPPROTO_RAW (255) was dangerous.
socket(AF_INET, SOCK_RAW, 255);
A malicious incoming ICMP packet can set the protocol field to 255
and match this socket, leading to FNHE cache changes.
inner = IP(src="192.168.2.1", dst="8.8.8.8", proto=255)/Raw("TEST")
pkt = IP(src="192.168.1.1", dst="192.168.2.1")/ICMP(type=3, code=4, nexthopmtu=576)/inner
"man 7 raw" states:
A protocol of IPPROTO_RAW implies enabled IP_HDRINCL and is able
to send any IP protocol that is specified in the passed header.
Receiving of all IP protocols via IPPROTO_RAW is not possible
using raw sockets.
Make sure we drop these malicious packets.
| Source | ID | Title |
|---|---|---|
Ubuntu USN |
USN-8490-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8491-1 | Linux kernel (OEM) vulnerabilities |
Ubuntu USN |
USN-8492-1 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8492-2 | Linux kernel vulnerabilities |
Ubuntu USN |
USN-8497-1 | Linux kernel (Low Latency) vulnerabilities |
Ubuntu USN |
USN-8498-1 | Linux kernel (NVIDIA Tegra) vulnerabilities |
Ubuntu USN |
USN-8499-1 | Linux kernel (Xilinx) vulnerabilities |
Ubuntu USN |
USN-8508-1 | Linux kernel (NVIDIA) vulnerabilities |
Ubuntu USN |
USN-8492-3 | Linux kernel (Raspberry Pi Real-time) vulnerabilities |
Ubuntu USN |
USN-8490-2 | Linux kernel (Real-time) vulnerabilities |
Ubuntu USN |
USN-8492-4 | Linux kernel (Raspberry Pi) vulnerabilities |
Ubuntu USN |
USN-8492-5 | Linux kernel (FIPS) vulnerabilities |
Ubuntu USN |
USN-8545-1 | Linux kernel (HWE) vulnerabilities |
Ubuntu USN |
USN-8546-1 | Linux kernel (Raspberry Pi) vulnerabilities |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 09 Jun 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:* |
Fri, 05 Jun 2026 06:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
cvssV3_1
|
Thu, 04 Jun 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-284 |
Thu, 04 Jun 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-1287 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Wed, 03 Jun 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-284 |
Wed, 03 Jun 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO_RAW (255) was dangerous. socket(AF_INET, SOCK_RAW, 255); A malicious incoming ICMP packet can set the protocol field to 255 and match this socket, leading to FNHE cache changes. inner = IP(src="192.168.2.1", dst="8.8.8.8", proto=255)/Raw("TEST") pkt = IP(src="192.168.1.1", dst="192.168.2.1")/ICMP(type=3, code=4, nexthopmtu=576)/inner "man 7 raw" states: A protocol of IPPROTO_RAW implies enabled IP_HDRINCL and is able to send any IP protocol that is specified in the passed header. Receiving of all IP protocols via IPPROTO_RAW is not possible using raw sockets. Make sure we drop these malicious packets. | |
| Title | inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP | |
| First Time appeared |
Linux
Linux linux Kernel |
|
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Linux
Linux linux Kernel |
|
| References |
|
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-06-05T06:06:39.945Z
Reserved: 2026-05-13T15:03:33.108Z
Link: CVE-2026-46266
No data.
Status : Analyzed
Published: 2026-06-03T18:16:28.147
Modified: 2026-06-09T19:47:18.280
Link: CVE-2026-46266
OpenCVE Enrichment
Updated: 2026-06-09T23:15:16Z
Ubuntu USN