CVE-2026-46330
Received Received - Intake

Revert TCP ULP Support in Linux Kernel

Publication date: 2026-06-09

Last updated on: 2026-06-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an active TCP socket into an SMC socket by modifying the underlying `struct file`, dentry, and inode in-place, which violates core VFS invariants that assume these structures are immutable for an open file, creating a risk of use after free errors and general system instability. Given the severity of this design flaw and the fact that cleaner alternatives (e.g., LD_PRELOAD, BPF) exist for legacy application transparency, the correct course of action is to remove this feature entirely.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-14
Generated
2026-06-30
AI Q&A
2026-06-10
EPSS Evaluated
2026-06-28
NVD
CVE-2026-46330
EUVD
EUVD-2026-35431

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The vulnerability can lead to use-after-free errors and system instability in affected Linux kernel versions. This means that systems running the vulnerable kernel could experience crashes, unpredictable behavior, or potential security risks due to memory corruption.

Executive Summary

This vulnerability exists in the Linux kernel's TCP ULP support for SMC (Shared Memory Communications). The implementation tries to convert an active TCP socket into an SMC socket by modifying core file system structures (struct file, dentry, and inode) in-place. These structures are assumed to be immutable for an open file, so changing them violates core Virtual File System (VFS) invariants.

This violation creates risks such as use-after-free errors and general system instability. Because of the fundamental design flaw, the feature was removed entirely in favor of cleaner alternatives like LD_PRELOAD or BPF for legacy application transparency.

Mitigation Strategies

The vulnerability arises from the TCP ULP support for SMC in the Linux kernel, which is fundamentally broken and causes system instability.

The correct immediate step to mitigate this vulnerability is to remove the TCP ULP support feature entirely, as the problematic commit has been reverted.

Alternatively, cleaner methods such as LD_PRELOAD or BPF can be used for legacy application transparency instead of relying on this broken feature.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart