CVE-2026-45847

MEDIUM

net: remove WARN_ON_ONCE when accessing forward path array

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: remove WARN_ON_ONCE when accessing forward path array Although unlikely, recent support for IPIP tunnels increases chances of reaching this WARN_ON_ONCE if userspace manages to build a sufficiently long forward path. Remove it.

Scores

CVSS v3 5.5
EPSS 0.0016
EPSS Percentile 5.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-617
Status published
Products (23)
linux/Kernel 5.13.0 - 5.15.202linux
linux/Kernel 5.16.0 - 6.1.165linux
linux/Kernel 6.13.0 - 6.18.14linux
linux/Kernel 6.19.0 - 6.19.4linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 5.13
Linux/Linux 5.13
Linux/Linux 5.15.202 - 5.15.*
Linux/Linux 6.1.165 - 6.1.*
... and 13 more
Published May 27, 2026
Tracked Since May 27, 2026