CVE-2026-46015 Linux CVE debrief

Who should care

Organizations running Linux systems with applications using SO_REUSEPORT for TCP load balancing, particularly those relying on blocking I/O multiplexing or blocking accept() patterns on TCP listeners.

Technical summary

The vulnerability exists in inet_csk_listen_stop() when migrating established child sockets during listener shutdown. The migration path adds the request socket to the target listener's queue without waking waiters, causing indefinite blocking for poll/epoll and blocking accept() callers. The fix ensures proper wakeup notification and adds RCU protection for concurrent access scenarios.

Defensive priority

high

Recommended defensive actions

• Apply kernel updates containing the referenced stable tree commits when available from your Linux distribution
• Monitor vendor security advisories for kernel package updates addressing this issue
• If running applications that depend on SO_REUSEPORT with TCP listeners, consider temporary workarounds such as using nonblocking accept() patterns or reducing listener churn until patches are applied
• Review application architectures for reliance on blocking poll()/epoll_wait() on TCP listeners that may undergo SO_REUSEPORT migration events

Evidence notes

CVE description confirms the vulnerability is in the Linux kernel TCP implementation. Five kernel.org stable tree commits are provided as references, indicating backports to multiple stable branches. The fix involves calling READ_ONCE(nsk->sk_data_ready)(nsk) after successful migration and wrapping post-queue_add() dereferences in rcu_read_lock()/rcu_read_unlock().

Official resources