{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nipv6: Fix out-of-bound access in fib6_add_rt2node().\\n\\nsyzbot reported out-of-bound read in fib6_add_rt2node(). [0]\\n\\nWhen IPv6 route is created with RTA_NH_ID, struct fib6_info\\ndoes not have the trailing struct fib6_nh.\\n\\nThe cited commit started to check !iter-\\u003efib6_nh-\\u003efib_nh_gw_family\\nto ensure that rt6_qualify_for_ecmp() will return false for iter.\\n\\nIf iter-\\u003enh is not NULL, rt6_qualify_for_ecmp() returns false anyway.\\n\\nLet’s check iter-\\u003enh before reading iter-\\u003efib6_nh and avoid OOB read.\\n\\n[0]:\\nBUG: KASAN: slab-out-of-bounds in fib6_add_rt2node+0x349c\/0x3500 net\/ipv6\/ip6_fib.c:1142\\nRead of size 1 at addr ffff8880384ba6de by task syz.0.18\/5500\\n\\nCPU: 0 UID: 0 PID: 5500 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)\\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04\/01\/2014\\nCall Trace:\\n \\u003cTASK\\u003e\\n dump_stack_lvl+0xe8\/0x150 lib\/dump_stack.c:120\\n print_address_description mm\/kasan\/report.c:378 [inline]\\n print_report+0xba\/0x230 mm\/kasan\/report.c:482\\n kasan_report+0x117\/0x150 mm\/kasan\/report.c:595\\n fib6_add_rt2node+0x349c\/0x3500 net\/ipv6\/ip6_fib.c:1142\\n fib6_add_rt2node_nh net\/ipv6\/ip6_fib.c:1363 [inline]\\n fib6_add+0x910\/0x18c0 net\/ipv6\/ip6_fib.c:1531\\n __ip6_ins_rt net\/ipv6\/route.c:1351 [inline]\\n ip6_route_add+0xde\/0x1b0 net\/ipv6\/route.c:3957\\n inet6_rtm_newroute+0x268\/0x19e0 net\/ipv6\/route.c:5660\\n rtnetlink_rcv_msg+0x7d5\/0xbe0 net\/core\/rtnetlink.c:6958\\n netlink_rcv_skb+0x232\/0x4b0 net\/netlink\/af_netlink.c:2550\\n netlink_unicast_kernel net\/netlink\/af_netlink.c:1318 [inline]\\n netlink_unicast+0x80f\/0x9b0 net\/netlink\/af_netlink.c:1344\\n netlink_sendmsg+0x813\/0xb40 net\/netlink\/af_netlink.c:1894\\n sock_sendmsg_nosec net\/socket.c:727 [inline]\\n __sock_sendmsg net\/socket.c:742 [inline]\\n ____sys_sendmsg+0xa68\/0xad0 net\/socket.c:2592\\n ___sys_sendmsg+0x2a5\/0x360 net\/socket.c:2646\\n __sys_sendmsg net\/socket.c:2678 [inline]\\n __do_sys_sendmsg net\/socket.c:2683 [inline]\\n __se_sys_sendmsg net\/socket.c:2681 [inline]\\n __x64_sys_sendmsg+0x1bd\/0x2a0 net\/socket.c:2681\\n do_syscall_x64 arch\/x86\/entry\/syscall_64.c:63 [inline]\\n do_syscall_64+0xe2\/0xf80 arch\/x86\/entry\/syscall_64.c:94\\n entry_SYSCALL_64_after_hwframe+0x77\/0x7f\\nRIP: 0033:0x7f9316b9aeb9\\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \\u003c48\\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48\\nRSP: 002b:00007ffd8809b678 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\\nRAX: ffffffffffffffda RBX: 00007f9316e15fa0 RCX: 00007f9316b9aeb9\\nRDX: 0000000000000000 RSI: 0000200000004380 RDI: 0000000000000003\\nRBP: 00007f9316c08c1f R08: 0000000000000000 R09: 0000000000000000\\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\\nR13: 00007f9316e15fac R14: 00007f9316e15fa0 R15: 00007f9316e15fa0\\n \\u003c\/TASK\\u003e\\n\\nAllocated by task 5499:\\n kasan_save_stack mm\/kasan\/common.c:57 [inline]\\n kasan_save_track+0x3e\/0x80 mm\/kasan\/common.c:78\\n poison_kmalloc_redzone mm\/kasan\/common.c:398 [inline]\\n __kasan_kmalloc+0x93\/0xb0 mm\/kasan\/common.c:415\\n kasan_kmalloc include\/linux\/kasan.h:263 [inline]\\n __do_kmalloc_node mm\/slub.c:5657 [inline]\\n __kmalloc_noprof+0x40c\/0x7e0 mm\/slub.c:5669\\n kmalloc_noprof include\/linux\/slab.h:961 [inline]\\n kzalloc_noprof include\/linux\/slab.h:1094 [inline]\\n fib6_info_alloc+0x30\/0xf0 net\/ipv6\/ip6_fib.c:155\\n ip6_route_info_create+0x142\/0x860 net\/ipv6\/route.c:3820\\n ip6_route_add+0x49\/0x1b0 net\/ipv6\/route.c:3949\\n inet6_rtm_newroute+0x268\/0x19e0 net\/ipv6\/route.c:5660\\n rtnetlink_rcv_msg+0x7d5\/0xbe0 net\/core\/rtnetlink.c:6958\\n netlink_rcv_skb+0x232\/0x4b0 net\/netlink\/af_netlink.c:2550\\n netlink_unicast_kernel net\/netlink\/af_netlink.c:1318 [inline]\\n netlink_unicast+0x80f\/0x9b0 net\/netlink\/af_netlink.c:1344\\n netlink_sendmsg+0x813\/0xb40 net\/netlink\/af_netlink.c:1894\\n sock_sendmsg_nosec net\/socket.c:727 [inline]\\n __sock_sendmsg net\/socket.c:742 [inline]\\n ____sys_sendmsg+0xa68\/0xad0 net\/socket.c:2592\\n ___sys_s\\n—truncated—“,”published”:”2026-06-03T15:49:57.561Z”,”modified”:”2026-06-05T06:06:29.838Z”,”type”:”cve”,”title”:”ipv6: Fix out-of-bound access in fib6_add_rt2node().”,”source”:”Linux”,”references”:”https:\/\/git.kernel.org\/stable\/c\/bcc60ad129ae1837cf809c81bff56ec8bfdb6b11\\nhttps:\/\/git.kernel.org\/stable\/c\/bf5009a06e03ee9a51052bb59f2228a5e4e66260\\nhttps:\/\/git.kernel.org\/stable\/c\/03b5051e02f5a3772eee57493ad697d4b505b0c2\\nhttps:\/\/git.kernel.org\/stable\/c\/500e54615c97bc3c427e52305a6fcd38a0e008a3\\nhttps:\/\/git.kernel.org\/stable\/c\/8244f959e2c125c849e569f5b23ed49804cce695″,”id”:”CVE-2026-46260″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Linux Linux 50b7c7a255858a85c4636a1e990ca04591153dca\\nLinux Linux d8143c54ceeba232dc8a13aa0afa14a44b371d93\\nLinux Linux b8ad2d53f706aeea833d23d45c0758398fede580\\nLinux Linux bbf4a17ad9ffc4e3d7ec13d73ecd59dea149ed25\\nLinux Linux bbf4a17ad9ffc4e3d7ec13d73ecd59dea149ed25\\nLinux Linux 6.6.124\\nLinux Linux 6.12.70\\nLinux Linux 6.18.10\\nLinux Linux 6.19″,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Linux”,”version”:”50b7c7a255858a85c4636a1e990ca04591153dca”,”vendor”:”Linux”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nipv6: Fix out-of-bound access in fib6_add_rt2node().\\n\\nsyzbot reported out-of-bound read in fib6_add_rt2node(). [0]\\n\\nWhen IPv6 route is created…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,28,12,15,13,7,11,5],"class_list":["post-59984","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n