PT-2026-43904 · Linux · Linux
Published: 2026-05-27 · Updated: 2026-05-27 · CVE-2026-46037
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
In the Linux kernel, the following vulnerability has been resolved:

ipv4: icmp: validate reply type before using icmp_pointers

Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type.
That value is outside the range covered by icmp_pointers[], which only
describes the traditional ICMP types up to NR_ICMP_TYPES.

Avoid consulting icmp_pointers[] for reply types outside that range, and
use array_index_nospec() for the remaining in-range lookup. Normal ICMP
replies keep their existing behavior unchanged.
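
The bounds check described above, as an added userspace example in C (not the kernel patch and not code from this advisory). The names `table_model`, `index_nospec_model` and `reply_type_is_error` are hypothetical, the table contents are constructed, and returning "not an error type" for out-of-range values is an assumption of this model.

```c
#include <stddef.h>
#include <stdio.h>

#define NR_ICMP_TYPES      18   /* highest traditional ICMP type */
#define ICMP_ECHOREPLY      0
#define ICMP_DEST_UNREACH   3
#define ICMP_EXT_ECHOREPLY 43   /* extended echo reply, outside the table */

/* Constructed stand-in for the per-type table: one flag per traditional type. */
struct ctl_model { short error; };
static const struct ctl_model table_model[NR_ICMP_TYPES + 1] = {
    [ICMP_DEST_UNREACH] = { .error = 1 },
};

/* Userspace model of the generic array_index_nospec() masking: the mask is
 * all ones when idx < size and zero otherwise, computed without a branch. */
static size_t index_nospec_model(size_t idx, size_t size)
{
    long mask = ~(long)(idx | (size - 1UL - idx)) >> (sizeof(long) * 8 - 1);
    return idx & (size_t)mask;
}

/* Hardened lookup: a reply type beyond NR_ICMP_TYPES is never used as an
 * index (assumption of this model: it is reported as a non-error type);
 * an in-range type is clamped again so a mispredicted branch cannot
 * index past the table speculatively. */
static int reply_type_is_error(unsigned int type)
{
    if (type > NR_ICMP_TYPES)
        return 0;
    type = (unsigned int)index_nospec_model(type, NR_ICMP_TYPES + 1);
    return table_model[type].error;
}

int main(void)
{
    unsigned int samples[] = { ICMP_ECHOREPLY, ICMP_DEST_UNREACH, ICMP_EXT_ECHOREPLY };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("type %u -> error=%d\n", samples[i], reply_type_is_error(samples[i]));
    return 0;
}
```

Without the range check, type 43 would index 24 entries past the end of a 19-entry table.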
Fix
Related Identifiers
Affected Products
Linux