CVE-2026-46104 in Linuxالمعلومات

الملخص

بحسب MITRE • 28/05/2026

In the Linux kernel, the following vulnerability has been resolved:

selinux: use sk blob accessor in socket permission helpers

SELinux socket state lives in the composite LSM socket blob.

sock_has_perm() and nlmsg_sock_has_extended_perms() currently dereference sk->sk_security directly, which assumes the SELinux socket blob is at offset zero.

In stacked configurations that assumption does not hold. If another LSM allocates socket blob storage before SELinux, these helpers may read the wrong blob and feed invalid SID and class values into AVC checks.

Use selinux_sock() instead of accessing sk->sk_security directly.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Linux

حجز

13/05/2026

إفشاء

28/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-366609

CPE

جاهز

CWE

CWE-275 (مؤكد)

CVSS

8.0 (VulDB)

EPSS

0.00022

KEV

لا

النشاطات

منخفض جدًا

القطاع

Industry, Insurance, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-46104
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-46104
CVE Details	https://www.cvedetails.com/cve/CVE-2026-46104/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!