2486999 – (CVE-2026-46330) CVE-2026-46330 kernel: Revert "net/smc: Introduce TCP ULP support"

Bug 2486999 (CVE-2026-46330) - CVE-2026-46330 kernel: Revert "net/smc: Introduce TCP ULP support"

Summary: CVE-2026-46330 kernel: Revert "net/smc: Introduce TCP ULP support"

Keywords:
Status:	NEW
Alias:	CVE-2026-46330
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-09 14:01 UTC by OSIDB Bzimport
Modified:	2026-06-09 16:40 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-09 14:01:31 UTC

In the Linux kernel, the following vulnerability has been resolved:

Revert "net/smc: Introduce TCP ULP support"

This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40.

As reported by Al Viro, the TCP ULP support for SMC is fundamentally
broken. The implementation attempts to convert an active TCP socket
into an SMC socket by modifying the underlying `struct file`, dentry,
and inode in-place, which violates core VFS invariants that assume
these structures are immutable for an open file, creating a risk of
use after free errors and general system instability.

Given the severity of this design flaw and the fact that cleaner
alternatives (e.g., LD_PRELOAD, BPF) exist for legacy application
transparency, the correct course of action is to remove this feature
entirely.

Comment 1 Keith Grant 2026-06-09 16:38:57 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026060910-CVE-2026-46330-28d2@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.