CVE-2026-46027
Analyzed Analyzed - Analysis Complete
Linux Kernel SMC Protocol Race Condition

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg() updates link-group level sync state for first-contact declines, but that state only exists after link group setup has completed. Guard the link-group update accordingly and keep the per-socket peer diagnosis handling unchanged. This preserves the existing sync_err handling for established link-group contexts and avoids touching link-group state before it is available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46027
EUVD
EUVD-2026-32408
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.86 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.27 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 4.11 (inc) to 5.10.258 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's net/smc component, specifically in the smc_clc_wait_msg function. During the early stage of a handshake, a CLC decline message can be received before the connection is associated with a link group. The decline handling code attempts to update the link-group level synchronization state, but this state is only valid after the link group setup is complete. The vulnerability involves updating this state prematurely, which can lead to incorrect handling of the connection state.

The fix involves guarding the link-group update to ensure it only happens after the link group setup is complete, preserving the existing error handling for established link groups and avoiding touching link-group state before it is available.

Impact Analysis

This vulnerability involves the Linux kernel's handling of a CLC decline message during an early stage of the handshake process in the net/smc component. If exploited, it could lead to improper updates of the link-group synchronization state before the link group setup is complete. However, the fix ensures that the link-group update is guarded and that per-socket peer diagnosis handling remains unchanged, preserving existing error handling for established link groups.

In practical terms, this means that without the fix, there could be potential instability or incorrect state handling in the network communication over SMC (Shared Memory Communications) links during connection setup, which might affect network reliability or cause unexpected behavior in systems relying on this kernel feature.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46027. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart