CVE-2026-46244
Linux Kernel IPv6 Inner Packet Header Desynchronization
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's netfilter nft_inner component when processing inner IPv6 packets. Specifically, the function ipv6_find_hdr() correctly calculates the transport header offset by traversing all IPv6 extension headers, but this correct result is immediately overwritten with a fixed offset that only accounts for the IPv6 base header. This causes a desynchronization between the transport header offset and the actual protocol header, which can lead to transport header forgery and potentially allow firewall bypass.
The issue affects stable Linux kernel versions starting from 6.2 and is fixed by removing the incorrect overwrite so that the correct transport header offset is preserved.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to forge transport headers in IPv6 packets, which may enable them to bypass firewall rules that rely on correct header parsing. As a result, unauthorized network traffic could pass through security controls, potentially exposing systems to attacks or unauthorized access.