CVE-2026-46266

In the Linux kernel, the following vulnerability has been resolved:

inet: RAW sockets using IPPROTO RAW MUST drop incoming ICMP

Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO RAW (255) was dangerous.

socket(AF INET, SOCK RAW, 255);

A malicious incoming ICMP packet can set the protocol field to 255 and match this socket, leading to FNHE cache changes.

inner = IP(src="192.168.2.1", dst="8.8.8.8", proto=255)/Raw("TEST") pkt = IP(src="192.168.1.1", dst="192.168.2.1")/ICMP(type=3, code=4, nexthopmtu=576)/inner

"man 7 raw" states:

A protocol of IPPROTO RAW implies enabled IP HDRINCL and is able to send any IP protocol that is specified in the passed header. Receiving of all IP protocols via IPPROTO RAW is not possible using raw sockets.

Make sure we drop these malicious packets.