CVE-2026-46172
Analyzed - Analysis Complete
Linux Kernel IPv6 XFRM dst Reference Leak

Publication date: 2026-05-28

Last updated on: 2026-06-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()

xfrm6_rcv_encap() performs an IPv6 route lookup when the skb does not already have a dst attached. ip6_route_input_lookup() returns a referenced dst entry even when the lookup resolves to an error route.

If dst->error is set, xfrm6_rcv_encap() drops the skb without attaching the dst to the skb and without releasing the reference returned by the lookup. Repeated packets hitting this path therefore leak dst entries.

Release the dst before jumping to the drop path.

Meta Information
Published: 2026-05-28
Last Modified: 2026-06-10
Generated: 2026-06-17
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16

Affected Vendors & Products
Showing 9 associated CPEs

Vendor | Product | Version / Range
linux | linux_kernel | 7.1
linux | linux_kernel | 7.1
linux | linux_kernel | From 6.13 (inc) to 6.18.30 (exc)
linux | linux_kernel | From 5.16 (inc) to 6.1.175 (exc)
linux | linux_kernel | From 5.11 (inc) to 5.15.209 (exc)
linux | linux_kernel | From 6.19 (inc) to 7.0.7 (exc)
linux | linux_kernel | From 6.7 (inc) to 6.12.88 (exc)
linux | linux_kernel | From 6.2 (inc) to 6.6.140 (exc)
linux | linux_kernel | From 5.8 (inc) to 5.10.258 (exc)

CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's IPv6 networking code, specifically in the xfrm6_rcv_encap() function. When this function performs an IPv6 route lookup and the lookup resolves to an error route, it drops the packet (skb) without releasing the referenced destination (dst) entry returned by the lookup, causing a resource leak.

Impact Analysis

The impact of this vulnerability is a resource leak in the Linux kernel's networking stack. Repeatedly triggering this error path can cause the system to leak dst entries, potentially leading to increased memory usage and degraded system performance or stability over time.

Mitigation Strategies

The vulnerability has been resolved in the Linux kernel by ensuring that the dst entry is properly released before dropping the skb in the xfrm6_rcv_encap() function. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
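
As an added example (not part of the original advisory or of the kernel project's code), the following Python script classifies a `uname -r` string against the affected ranges listed in the table above. The function names are hypothetical, and returning "review" for 7.1 builds is an assumption, since the page lists 7.1 without a range.

```python
import re

# Affected ranges copied from this page's CPE table:
# (first affected release, first fixed release).
AFFECTED_RANGES = [
    ((5, 8), (5, 10, 258)),
    ((5, 11), (5, 15, 209)),
    ((5, 16), (6, 1, 175)),
    ((6, 2), (6, 6, 140)),
    ((6, 7), (6, 12, 88)),
    ((6, 13), (6, 18, 30)),
    ((6, 19), (7, 0, 7)),
]


def parse_release(release):
    """Turn a `uname -r` string such as '6.6.87-generic' into (6, 6, 87)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())


def classify(release):
    """Return 'affected', 'review' or 'not-listed' for a kernel release."""
    v = parse_release(release)
    for start, fixed in AFFECTED_RANGES:
        # Lower bound is inclusive, upper bound (the fixed release) exclusive.
        if start + (0,) <= v < fixed:
            return "affected"
    if v[:2] == (7, 1):
        # Assumption: the page lists 7.1 twice with no range, so a 7.1
        # build cannot be classified from the table and needs a manual check.
        return "review"
    return "not-listed"


if __name__ == "__main__":
    import platform

    # Distribution kernels may backport the fix without changing the
    # upstream version number (general caveat, not from the page), so
    # treat this as first-pass triage and confirm with the vendor advisory.
    rel = platform.release()
    print(rel, classify(rel))
```
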
