{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"
            },
            {
              "fixed": "db76b75ede3810e7cf9cfea5067d4f3e0993768b"
            },
            {
              "fixed": "19e42490c89bac9a388f28179e66bebbef350f99"
            },
            {
              "fixed": "531c1aec81bfe19d00af13da5531fbb8209e4bd2"
            },
            {
              "fixed": "719d3932b8f6e3348ce2f0ac58e278301fc17575"
            },
            {
              "fixed": "c89477ad79446867394360b29bb801010fc3ff22"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.12"
            },
            {
              "fixed": "6.6.128"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.75"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.14"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46266.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP\n\nYizhou Zhao reported that simply having one RAW socket on protocol\nIPPROTO_RAW (255) was dangerous.\n\n  socket(AF_INET, SOCK_RAW, 255);\n\nA malicious incoming ICMP packet can set the protocol field to 255\nand match this socket, leading to FNHE cache changes.\n\ninner = IP(src=\"192.168.2.1\", dst=\"8.8.8.8\", proto=255)/Raw(\"TEST\")\npkt = IP(src=\"192.168.1.1\", dst=\"192.168.2.1\")/ICMP(type=3, code=4, nexthopmtu=576)/inner\n\n\"man 7 raw\" states:\n\n  A protocol of IPPROTO_RAW implies enabled IP_HDRINCL and is able\n  to send any IP protocol that is specified in the passed header.\n  Receiving of all IP protocols via IPPROTO_RAW is not possible\n  using raw sockets.\n\nMake sure we drop these malicious packets.",
  "id": "CVE-2026-46266",
  "modified": "2026-07-08T05:36:37.588519964Z",
  "published": "2026-06-03T15:50:07.907Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19e42490c89bac9a388f28179e66bebbef350f99"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/531c1aec81bfe19d00af13da5531fbb8209e4bd2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/719d3932b8f6e3348ce2f0ac58e278301fc17575"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c89477ad79446867394360b29bb801010fc3ff22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db76b75ede3810e7cf9cfea5067d4f3e0993768b"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46266.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46266"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP"
}