Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-46330

Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-416 Utilización después de liberación
Fecha de publicación:
09/06/2026
Última modificación:
08/07/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Revert "net/smc: Introduce TCP ULP support"<br /> <br /> This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40.<br /> <br /> As reported by Al Viro, the TCP ULP support for SMC is fundamentally<br /> broken. The implementation attempts to convert an active TCP socket<br /> into an SMC socket by modifying the underlying `struct file`, dentry,<br /> and inode in-place, which violates core VFS invariants that assume<br /> these structures are immutable for an open file, creating a risk of<br /> use after free errors and general system instability.<br /> <br /> Given the severity of this design flaw and the fact that cleaner<br /> alternatives (e.g., LD_PRELOAD, BPF) exist for legacy application<br /> transparency, the correct course of action is to remove this feature<br /> entirely.

Productos y versiones vulnerables

CPE Desde Hasta
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.17 (incluyendo) 6.19.4 (excluyendo)