PatchSiren cyber security CVE debrief
CVE-2026-46086 Linux CVE debrief
A race condition in the Linux kernel's network bridge forwarding database (FDB) implementation can lead to a NULL pointer dereference. The vulnerability exists because RCU readers in the bridge subsystem load the `f->dst` field multiple times without proper synchronization, allowing a concurrent update via `fdb_delete_local()` to change the value between a NULL check and subsequent dereference. Specifically, `br_fdb_fillbuf()` accessed through the `brforward_read()` sysfs path is affected. The fix introduces `READ_ONCE()` snapshots for RCU readers and `WRITE_ONCE()` for the writer to ensure consistent access patterns.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Linux system administrators running bridge networking configurations, kernel maintainers, and security teams monitoring network subsystem vulnerabilities. Organizations using container networking, virtualization platforms, or software-defined networking that relies on Linux bridge functionality should prioritize patching.
Technical summary
The Linux kernel's bridge forwarding database (FDB) subsystem contains a race condition where RCU readers load `f->dst` more than once, with no guarantee that successive loads observe the same value. The `fdb_delete_local()` function can rewrite local FDB entries in-place, updating `f->dst` to another port or NULL while the entry remains alive. Readers such as `br_fdb_fillbuf()` (exposed via `brforward_read()` sysfs) check `f->dst` for NULL and then dereference it for `port_no`, so a concurrent update landing between the check and the dereference invalidates the check. The resolution uses `READ_ONCE()` to capture a single stable snapshot in readers and `WRITE_ONCE()` to publish updates, ensuring consistent memory access ordering between the writer and RCU readers.
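The double-load pattern and the `READ_ONCE()` snapshot fix, reduced to a user-space C model (an added example, not the kernel's own code; the struct layouts, the `writer_fn` hook that makes the interleaving deterministic, and port number 3 are constructed stand-ins):

```c
#include <stddef.h>
/* User-space stand-ins for the kernel macros the fix relies on (constructed
 * for this example, not the kernel's own headers). */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Constructed minimal models of a bridge port and an FDB entry. */
struct net_bridge_port { int port_no; };
struct fdb_entry { struct net_bridge_port *dst; };
typedef void (*writer_fn)(struct fdb_entry *);

/* Stands in for fdb_delete_local(): rewrites f->dst in-place while the entry
 * stays alive; readers invoke it mid-read so the interleaving is deterministic. */
static void writer_delete_local(struct fdb_entry *f) { WRITE_ONCE(f->dst, NULL); }

/* Pattern the CVE describes: f->dst loaded once for the NULL check, again for
 * the dereference. Returns -2 where the original reader would crash on NULL. */
static int fill_double_load(struct fdb_entry *f, writer_fn writer)
{
    if (f->dst == NULL)          /* load #1 */
        return -1;
    writer(f);                   /* concurrent writer moves f->dst to NULL */
    if (f->dst == NULL)          /* load #2: the kernel code had no re-check */
        return -2;
    return f->dst->port_no;
}

/* Fixed pattern: one READ_ONCE() snapshot serves both the check and the
 * access. Under RCU the port object it points to stays valid for the rest of
 * the read-side critical section even after the writer has moved f->dst. */
static int fill_snapshot(struct fdb_entry *f, writer_fn writer)
{
    struct net_bridge_port *dst = READ_ONCE(f->dst);
    if (dst == NULL)
        return -1;
    writer(f);                   /* f->dst changes; the local dst does not */
    return dst->port_no;
}

/* Run one reader against the in-place writer; port_no 3 is a constructed value. */
int run_reader(int (*reader)(struct fdb_entry *, writer_fn))
{
    struct net_bridge_port p = { .port_no = 3 };
    struct fdb_entry f = { .dst = &p };
    return reader(&f, writer_delete_local);
}

int double_load_outcome(void) { return run_reader(fill_double_load); }  /* -2 */
int snapshot_outcome(void)    { return run_reader(fill_snapshot); }     /* 3 */
```

Call `double_load_outcome()` and `snapshot_outcome()` from a harness: the first returns -2 (the point where the real reader would dereference NULL), the second returns the port number 3 because the snapshot is unaffected by the writer.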
Defensive priority
medium
Recommended defensive actions
- Apply kernel updates from stable branches once patches are available for your distribution
- Monitor vendor security advisories for backported fixes to long-term support kernels
- Review systems using bridge networking with sysfs FDB access paths
- Consider restricting access to /sys/class/net/*/brforward to reduce attack surface
- Validate kernel versions against fixed commits in stable trees
Evidence notes
The vulnerability description is sourced from the official CVE record published 2026-05-27. The fix involves kernel commits to stable branches, with five reference links provided to git.kernel.org stable commits. No CVSS score or severity rating has been assigned as of the modified date (2026-05-27T14:48:03Z). The vendor is identified as the Linux kernel project based on source domain evidence.
Official resources
- CVE-2026-46086 CVE record (CVE.org)
- CVE-2026-46086 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67