What is CVE-2026-46267?

CVE-2026-46267 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.7 onward and patched in 5.15.202, 6.1.165, 6.6.128 and others. CVE-2026-46267 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46267?

CVE-2026-46267 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46267?

Yes, CVE-2026-46267 has been patched. Fixed versions include 5.15.202, 6.1.165, 6.6.128 and others. If you are running Linux kernel 3.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46267 actively exploited?

CVE-2026-46267 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46267

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule sm_work, and sm_work accesses SHDLC state and the skb queues. If teardown happens in parallel with a queued/running work item, it can lead to UAF and other shutdown races. Stop all SHDLC timers and cancel sm_work synchronously before purging the queues and freeing the context. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Package Linux Kernel

Published 2026-06-03

Last modified 2026-06-05

Patch available

Yes

Affected versions

Linux kernel versions 3.7 and later are affected. Fixed in 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, 7.0 and their respective stable series.

Affected from

≥ 3.7

Fixed in

✓ 5.15.202 5.15.x ✓ 6.1.165 6.1.x ✓ 6.6.128 6.6.x ✓ 6.12.75 6.12.x ✓ 6.18.14 6.18.x ✓ 6.19.4 6.19.x ✓ 7.0

References

The following references provide additional information about CVE-2026-46267 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/1cb97b1225450af3f7b728777929ba50c6a58ced
Patch
Kernel patch commit
https://git.kernel.org/stable/c/276820278e9717cc7d4bb32381892dd3ddf418d4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/77eef9f2eef045c3c37a3df82d3e661afb866b98
Patch

7 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46267?

CVE-2026-46267 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.7 onward and has been patched in 5.15.202, 6.1.165, 6.6.128 and others. CVE-2026-46267 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46267?

Yes — CVE-2026-46267 has been patched. Fixed versions include 5.15.202, 6.1.165, 6.6.128 and others. If you are running Linux kernel 3.7 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46267 actively exploited?

No — CVE-2026-46267 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.