CVE-2026-45847

In the Linux kernel, the following vulnerability has been resolved: net: remove WARN_ON_ONCE when accessing forward path array Although unlikely, recent support for IPIP tunnels increases chances of reaching this WARN_ON_ONCE if userspace manages to build a sufficiently long forward path. Remove it.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/008e7a7c293b30bc43e4368dac6ea3808b75a572	Patch
https://git.kernel.org/stable/c/50422613185d505201167e8bdd2f2700790d5db6	Patch
https://git.kernel.org/stable/c/548244c2f542aa0ad49453e9306e715a3877bc44	Patch
https://git.kernel.org/stable/c/9464ca7a6e56ad1ebf48b2ad5c16871edfad10c6	Patch
https://git.kernel.org/stable/c/959ea349c7e2d4edf07b6838ca7e59345fe61a08	Patch
https://git.kernel.org/stable/c/a78d055ba7c31103ad02f8eceb0c452e154d2660	Patch
https://git.kernel.org/stable/c/dcf9b3c90e5560339649d088836529883fb509f3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

25 Jun 2026, 21:03

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
CWE		CWE-617
References	~~() https://git.kernel.org/stable/c/008e7a7c293b30bc43e4368dac6ea3808b75a572 -~~	() https://git.kernel.org/stable/c/008e7a7c293b30bc43e4368dac6ea3808b75a572 - Patch
References	~~() https://git.kernel.org/stable/c/50422613185d505201167e8bdd2f2700790d5db6 -~~	() https://git.kernel.org/stable/c/50422613185d505201167e8bdd2f2700790d5db6 - Patch
References	~~() https://git.kernel.org/stable/c/548244c2f542aa0ad49453e9306e715a3877bc44 -~~	() https://git.kernel.org/stable/c/548244c2f542aa0ad49453e9306e715a3877bc44 - Patch
References	~~() https://git.kernel.org/stable/c/9464ca7a6e56ad1ebf48b2ad5c16871edfad10c6 -~~	() https://git.kernel.org/stable/c/9464ca7a6e56ad1ebf48b2ad5c16871edfad10c6 - Patch
References	~~() https://git.kernel.org/stable/c/959ea349c7e2d4edf07b6838ca7e59345fe61a08 -~~	() https://git.kernel.org/stable/c/959ea349c7e2d4edf07b6838ca7e59345fe61a08 - Patch
References	~~() https://git.kernel.org/stable/c/a78d055ba7c31103ad02f8eceb0c452e154d2660 -~~	() https://git.kernel.org/stable/c/a78d055ba7c31103ad02f8eceb0c452e154d2660 - Patch
References	~~() https://git.kernel.org/stable/c/dcf9b3c90e5560339649d088836529883fb509f3 -~~	() https://git.kernel.org/stable/c/dcf9b3c90e5560339649d088836529883fb509f3 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

27 May 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-27 14:16

Updated : 2026-06-25 21:03

NVD link : CVE-2026-45847

Mitre link : CVE-2026-45847

CVE.ORG link : CVE-2026-45847

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-617

Reachable Assertion

5.5 /10