CVE-2026-46172
Linux Kernel IPv6 XFRM dst Reference Leak
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's IPv6 networking code, specifically in the xfrm6_rcv_encap() function. When this function performs an IPv6 route lookup and encounters an error route, it fails to properly release a referenced destination (dst) entry. Instead of releasing the reference, it drops the packet (skb) without freeing the dst, causing a resource leak.
How can this vulnerability impact me?
The impact of this vulnerability is a resource leak in the Linux kernel's networking stack. Repeatedly triggering this error path can cause the system to leak dst entries, potentially leading to increased memory usage and degraded system performance or stability over time.
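The two answers above describe a reference taken by a route lookup that is never returned on the error-route drop path, and the way that loss accumulates per packet. The following user-space C model is an added example, not kernel source and not the upstream patch: the type and function names are hypothetical, and it assumes the lookup hands back a held reference even for an error route and that the correction is to release it before dropping.

```c
#include <stdio.h>

/* User-space model only: hypothetical names, not kernel source. */
struct dst_model { int refcnt; int error; };
struct skb_model { struct dst_model *dst; };

/* Assumed lookup contract: the caller always receives one held reference,
 * even when the entry is an error route (error != 0). */
static struct dst_model *route_lookup(struct dst_model *rt) { rt->refcnt++; return rt; }
static void dst_put(struct dst_model *d) { d->refcnt--; }

/* Leaky shape: on an error route the packet is dropped and the
 * reference from the lookup is never returned. */
static int rcv_encap_leaky(struct skb_model *skb, struct dst_model *rt)
{
    struct dst_model *dst = route_lookup(rt);
    if (dst->error)
        return -1;          /* drop: reference is lost here */
    skb->dst = dst;         /* success: the skb now owns the reference */
    return 0;
}

/* Corrected shape (assumption): release the reference before dropping. */
static int rcv_encap_fixed(struct skb_model *skb, struct dst_model *rt)
{
    struct dst_model *dst = route_lookup(rt);
    if (dst->error) {
        dst_put(dst);
        return -1;
    }
    skb->dst = dst;
    return 0;
}

/* Feed n packets to one route; return references still held once every
 * packet has been freed. route_error is a constructed value. */
static int outstanding_refs(int (*rcv)(struct skb_model *, struct dst_model *),
                            int route_error, int n)
{
    struct dst_model rt = { 0, route_error };
    for (int i = 0; i < n; i++) {
        struct skb_model skb = { 0 };
        rcv(&skb, &rt);
        if (skb.dst)
            dst_put(skb.dst);   /* freeing the skb drops the reference it owns */
    }
    return rt.refcnt;
}
```

In the model the leaky path leaves one outstanding reference per packet that hits the error route, while the corrected path and the non-error path both return to zero.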