PatchSiren cyber security CVE debrief
CVE-2026-46027 Linux CVE debrief
A race condition in the Linux kernel's Shared Memory Communications (SMC) subsystem could lead to invalid memory access during connection handshake. The vulnerability exists in smc_clc_wait_msg() where CLC decline messages received before link group setup completion could trigger link-group state updates on uninitialized structures. The fix adds proper guards to prevent early link-group access while preserving per-socket peer diagnosis handling.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Organizations running Linux kernels with SMC-R (Shared Memory Communications over RDMA) enabled, particularly on IBM Z, LinuxONE, or x86_64 systems using RoCE adapters for high-performance networking workloads.
Technical summary
The vulnerability is a race condition in net/smc/smc_clc.c where smc_clc_wait_msg() processes CLC decline messages. When a decline arrives during early handshake before link group association, the code attempted to update link-group level sync state that doesn't yet exist. The fix adds a guard condition to skip link-group updates when the connection hasn't completed link group setup, while maintaining the existing per-socket peer diagnosis path. This prevents null or invalid pointer dereferences on link-group structures during the vulnerable window.
Defensive priority
medium
Recommended defensive actions
- Apply kernel updates from stable branches when available from distribution vendors
- Monitor NVD for CVSS scoring once analysis completes
- Review SMC usage in environments running RDMA over Converged Ethernet (RoCE) workloads
- Validate kernel version against patched commits in stable trees
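One way to carry out the "Review SMC usage" step on a single host, as an added example that is not part of the advisory or the kernel project. The function name `smc_exposure` and its three result labels are assumptions made for this sketch; it reads the standard `/proc/modules` and `/proc/net/protocols` files.

```shell
#!/bin/sh
# Added example: classify one host's SMC exposure.
# Prints: absent | loaded-idle | in-use
# smc_exposure and its three labels are names chosen for this example.

smc_exposure() {
    modules_file=${1:-/proc/modules}
    protocols_file=${2:-/proc/net/protocols}
    present=0
    sockets=0

    # /proc/modules: name size refcount deps state address
    if [ -r "$modules_file" ] &&
       awk '$1 == "smc" { hit = 1 } END { exit !hit }' "$modules_file"; then
        present=1
    fi

    # /proc/net/protocols: column 1 = protocol, column 3 = sockets in use.
    # A built-in SMC (CONFIG_SMC=y) shows up here but not in /proc/modules.
    if [ -r "$protocols_file" ]; then
        count=$(awk '$1 == "SMC" || $1 == "SMC6" { hit = 1; n += $3 }
                     END { print (hit ? n + 0 : -1) }' "$protocols_file")
        if [ "$count" -ge 0 ]; then
            present=1
            sockets=$count
        fi
    fi

    if [ "$present" -eq 0 ]; then
        echo absent
    elif [ "$sockets" -gt 0 ]; then
        echo in-use
    else
        echo loaded-idle
    fi
}

# Constructed sample input (not captured from a real host; trailing
# /proc/net/protocols columns omitted).
demo=$(mktemp -d)
printf '%s\n' 'smc 208896 1 smc_diag, Live 0x0000000000000000' \
    'smc_diag 16384 0 - Live 0x0000000000000000' > "$demo/modules"
printf '%s\n' 'protocol size sockets memory press maxhdr slab module' \
    'SMC6 1600 0 -1 NI 0 no smc' \
    'SMC 1600 2 -1 NI 0 no smc' > "$demo/protocols"
smc_exposure "$demo/modules" "$demo/protocols"   # prints: in-use
rm -rf "$demo"
```

Called with no arguments it reads the live `/proc` files. The result says whether the SMC protocol is registered and has open sockets on the host, not whether the running kernel carries the fix.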
Evidence notes
Official CVE record published 2026-05-27T14:17:21.303Z. NVD status: Awaiting Analysis. Five kernel.org stable branch commits provided as references. No CVSS score or severity assigned by NVD at time of disclosure.
Official resources
- CVE-2026-46027 CVE record (CVE.org)
- CVE-2026-46027 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
2026-05-27