CVE-2026-46037
Published May 27, 2026
Modified May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmp_pointers Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type. That value is outside the range covered by icmp_pointers[], which only describes the traditional ICMP types up to NR_ICMP_TYPES. Avoid consulting icmp_pointers[] for reply types outside that range, and use array_index_nospec() for the remaining in-range lookup. Normal ICMP replies keep their existing behavior unchanged.
References
Other References
https://git.kernel.org/stable/c/67bf002a2d7387a6312138210d0bd06e3cf4879b
https://git.kernel.org/stable/c/92e7c209036dcc0e8ffdf806fdfd3645b263bea5
https://git.kernel.org/stable/c/bc64a66e0b9ad937d3d49934242ee62b01ba9a94
https://git.kernel.org/stable/c/c2178ff1c70ebfc2ab9651b230c58a34683db759
https://git.kernel.org/stable/c/d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1
Frequently Asked Questions
What is CVE-2026-46037? +
In the Linux kernel, the following vulnerability has been resolved:
ipv4: icmp: validate reply type before using icmp_pointers
Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type.
That value is outside the range covered by icmp_pointers[], which only
describes the traditional ICMP types up to NR_ICMP_TYPES.
Avoid consulting icmp_pointers[] for reply types outside that range, and
use array_index_nospec() for the remaining in-range lookup. Normal ICMP
replies keep their existing behavior unchanged.
How do I check if I'm vulnerable to CVE-2026-46037? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.