CVE & CISA-KEV Catalog

CVE-2026-46027

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smc_clc_wait_msg() updates link-group level sync state for first-contact declines, but that state only exists after link group setup has completed. Guard the link-group update accordingly and keep the per-socket peer diagnosis handling unchanged. This preserves the existing sync_err handling for established link-group contexts and avoids touching link-group state before it is available.

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.259-1CVE-2026-46027
Fixed in:6.1.176-1CVE-2026-46027
Fixed in:6.12.86-1CVE-2026-46027
Fixed in:7.0.4-1CVE-2026-46027

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.50%probability of exploitation in 30 days
39thpercentile

Low risk: more likely to be exploited than 39% of all known CVEs.

References

Embed a live status badge for CVE-2026-46027
CVE-2026-46027 severity badge

Markdown

[![CVE-2026-46027](https://tridentstack.com/cve/badge/CVE-2026-46027.svg)](https://tridentstack.com/cve/CVE-2026-46027)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-46027"><img src="https://tridentstack.com/cve/badge/CVE-2026-46027.svg" alt="CVE-2026-46027"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-16.