Linux Kernel up to 7.0.6 flow_dissector infinite loop
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.6 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Linux Kernel up to 6.1.174/6.6.139/6.12.87/6.18.29/7.0.6. This impacts an unknown function of the component flow_dissector. This manipulation causes infinite loop. This vulnerability is registered as CVE-2026-46306. No exploit is available. It is recommended to upgrade the affected component.
Details
A vulnerability classified as critical was found in Linux Kernel up to 6.1.174/6.6.139/6.12.87/6.18.29/7.0.6. Affected by this vulnerability is some unknown processing of the component flow_dissector. The manipulation with an unknown input leads to a infinite loop vulnerability. The CWE definition for the vulnerability is CWE-835. The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. As an impact it is known to affect availability. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow dissector driver has assumed an uncompressed frame until the blamed commit. During the review process of that commit [1], support for PFC is suggested. However, having a compressed (1-byte) protocol field means the subsequent PPP payload is shifted by one byte, causing 4-byte misalignment for the network header and an unaligned access exception on some architectures. The exception can be reproduced by sending a PPPoE PFC frame to an ethernet interface of a MIPS board, with RPS enabled, even if no PPPoE session is active on that interface: $ 0 : 00000000 80c40000 00000000 85144817 $ 4 : 00000008 00000100 80a75758 81dc9bb8 $ 8 : 00000010 8087ae2c 0000003d 00000000 $12 : 000000e0 00000039 00000000 00000000 $16 : 85043240 80a75758 81dc9bb8 00006488 $20 : 0000002f 00000007 85144810 80a70000 $24 : 81d1bda0 00000000 $28 : 81dc8000 81dc9aa8 00000000 805ead08 Hi : 00009d51 Lo : 2163358a epc : 805e91f0 __skb_flow_dissect+0x1b0/0x1b50 ra : 805ead08 __skb_get_hash_net+0x74/0x12c Status: 11000403 KERNEL EXL IE Cause : 40800010 (ExcCode 04) BadVA : 85144817 PrId : 0001992f (MIPS 1004Kc) Call Trace: [] __skb_flow_dissect+0x1b0/0x1b50 [] __skb_get_hash_net+0x74/0x12c [] get_rps_cpu+0x1b8/0x3fc [] netif_receive_skb_list_internal+0x324/0x364 [] napi_complete_done+0x68/0x2a4 [] mtk_napi_rx+0x228/0xfec [] __napi_poll+0x3c/0x1c4 [] napi_threaded_poll_loop+0x234/0x29c [] napi_threaded_poll+0x8c/0xb0 [] kthread+0x104/0x12c [] ret_from_kernel_thread+0x14/0x1c Code: 02d51821 1060045b 00000000 3084000f 2c820005 144001a2 00042080 8e220000 To reduce the attack surface and maintain performance, do not process PPPoE PFC frames. [1] https://lore.kernel.org/r/[email protected]
It is possible to read the advisory at git.kernel.org. This vulnerability is known as CVE-2026-46306 since 05/13/2026. The exploitation appears to be difficult. The technical details are unknown and an exploit is not publicly available.
Upgrading to version 6.1.175, 6.6.140, 6.12.88, 6.18.30, 7.0.7 or 7.1-rc1 eliminates this vulnerability. Applying the patch e7c811ca372d53c2be7d01a1614e71fae1054836/abc5bc84e0f2edc7ea2d437afa6ef3fe1fc43200/18ae9eacfc95cc715c0606b2c86e8aa8a86cf3e3/db104b0d8a7856397c0469d83a4289adf7c54863/6044392d9cace3a3672b02c8bc7d38b502e51734/0d00b9015069712944934bab09eaa6c542143049/7c93f353eab4ea911e394630f07d72e040a729d8/d6c19b31a3c1d519fabdcf0aa239e6b6109b9473 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
- 6.1.174
- 6.6.139
- 6.12.0
- 6.12.1
- 6.12.2
- 6.12.3
- 6.12.4
- 6.12.5
- 6.12.6
- 6.12.7
- 6.12.8
- 6.12.9
- 6.12.10
- 6.12.11
- 6.12.12
- 6.12.13
- 6.12.14
- 6.12.15
- 6.12.16
- 6.12.17
- 6.12.18
- 6.12.19
- 6.12.20
- 6.12.21
- 6.12.22
- 6.12.23
- 6.12.24
- 6.12.25
- 6.12.26
- 6.12.27
- 6.12.28
- 6.12.29
- 6.12.30
- 6.12.31
- 6.12.32
- 6.12.33
- 6.12.34
- 6.12.35
- 6.12.36
- 6.12.37
- 6.12.38
- 6.12.39
- 6.12.40
- 6.12.41
- 6.12.42
- 6.12.43
- 6.12.44
- 6.12.45
- 6.12.46
- 6.12.47
- 6.12.48
- 6.12.49
- 6.12.50
- 6.12.51
- 6.12.52
- 6.12.53
- 6.12.54
- 6.12.55
- 6.12.56
- 6.12.57
- 6.12.58
- 6.12.59
- 6.12.60
- 6.12.61
- 6.12.62
- 6.12.63
- 6.12.64
- 6.12.65
- 6.12.66
- 6.12.67
- 6.12.68
- 6.12.69
- 6.12.70
- 6.12.71
- 6.12.72
- 6.12.73
- 6.12.74
- 6.12.75
- 6.12.76
- 6.12.77
- 6.12.78
- 6.12.79
- 6.12.80
- 6.12.81
- 6.12.82
- 6.12.83
- 6.12.84
- 6.12.85
- 6.12.86
- 6.12.87
- 6.18.0
- 6.18.1
- 6.18.2
- 6.18.3
- 6.18.4
- 6.18.5
- 6.18.6
- 6.18.7
- 6.18.8
- 6.18.9
- 6.18.10
- 6.18.11
- 6.18.12
- 6.18.13
- 6.18.14
- 6.18.15
- 6.18.16
- 6.18.17
- 6.18.18
- 6.18.19
- 6.18.20
- 6.18.21
- 6.18.22
- 6.18.23
- 6.18.24
- 6.18.25
- 6.18.26
- 6.18.27
- 6.18.28
- 6.18.29
- 7.0.0
- 7.0.1
- 7.0.2
- 7.0.3
- 7.0.4
- 7.0.5
- 7.0.6
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.8VulDB Meta Temp Score: 4.6
VulDB Base Score: 4.8
VulDB Temp Score: 4.6
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Infinite loopCWE: CWE-835 / CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.1.175/6.6.140/6.12.88/6.18.30/7.0.7/7.1-rc1
Patch: e7c811ca372d53c2be7d01a1614e71fae1054836/abc5bc84e0f2edc7ea2d437afa6ef3fe1fc43200/18ae9eacfc95cc715c0606b2c86e8aa8a86cf3e3/db104b0d8a7856397c0469d83a4289adf7c54863/6044392d9cace3a3672b02c8bc7d38b502e51734/0d00b9015069712944934bab09eaa6c542143049/7c93f353eab4ea911e394630f07d72e040a729d8/d6c19b31a3c1d519fabdcf0aa239e6b6109b9473
Timeline
05/13/2026 CVE reserved06/08/2026 Advisory disclosed
06/08/2026 VulDB entry created
06/08/2026 VulDB entry last update
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2026-46306 (🔒)
GCVE (CVE): GCVE-0-2026-46306
GCVE (VulDB): GCVE-100-369235
Entry
Created: 06/08/2026 20:11Changes: 06/08/2026 20:11 (58)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.