What is CVE-2026-46165?

CVE-2026-46165 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.1.168 onward and patched in 6.1.175, 6.6.140, 6.12.88 and others. CVE-2026-46165 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46165?

CVE-2026-46165 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46165?

Yes, CVE-2026-46165 has been patched. Fixed versions include 6.1.175, 6.6.140, 6.12.88 and others. If you are running Linux kernel 6.1.168 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46165 actively exploited?

CVE-2026-46165 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46165

In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdev_put() must happen after the RCU grace period. So, either in an RCU call or after the synchronize_net(). The rtnl_delete_link() must happen under RTNL and so can't be executed in RCU context. Calling synchronize_net() while holding RTNL is not a good idea for performance and system stability under load in general, so calling netdev_put() in RCU call is the right solution here. However, when the device is deleted, rtnl_unlock() will call netdev_run_todo() and block until all the references are gone. In the current code this means that we never reach the call_rcu() and the vport is never freed and the reference is never released, causing a self-deadlock on device removal. Fix that by moving the rcu_call() before the rtnl_unlock(), so the scheduled RCU callback will be executed when synchronize_net() is called from the rtnl_unlock()->netdev_run_todo() while the RTNL itself is already released.

Package Linux Kernel

Published 2026-05-28

Last modified 2026-06-01

Patch available

Yes

Affected versions

Linux kernel versions 6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0 and later are affected. Fixed in 6.1.175, 6.6.140, 6.12.88, 6.18.30, 7.0.7, 7.1-rc3 and their respective stable series.

Affected from

≥ 6.1.168 ≥ 6.6.131 ≥ 6.12.80 ≥ 6.18.21 ≥ 6.19.11 ≥ 7.0

Fixed in

✓ 6.1.175 6.1.x ✓ 6.6.140 6.6.x ✓ 6.12.88 6.12.x ✓ 6.18.30 6.18.x ✓ 7.0.7 7.0.x ✓ 7.1-rc3

References

The following references provide additional information about CVE-2026-46165 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/366c482965c673565ecb8bcfb15d5548f13a6a10
Patch
Kernel patch commit
https://git.kernel.org/stable/c/3df75fff46b1517eb479d8e6b8e3500763715dd0
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6522d59fb7de55ce0f0f285d962243ddffebb01f
Patch

6 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46165?

CVE-2026-46165 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.1.168 onward and has been patched in 6.1.175, 6.6.140, 6.12.88 and others. CVE-2026-46165 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46165?

Yes — CVE-2026-46165 has been patched. Fixed versions include 6.1.175, 6.6.140, 6.12.88 and others. If you are running Linux kernel 6.1.168 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46165 actively exploited?

No — CVE-2026-46165 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.