What is GHSA-6hp6-98mx-37xj?

GHSA-6hp6-98mx-37xj is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr...

Which CVE IDs does GHSA-6hp6-98mx-37xj cover?

GHSA-6hp6-98mx-37xj covers the following CVE IDs: CVE-2026-46027. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-6hp6-98mx-37xj?

GHSA-6hp6-98mx-37xj has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-6hp6-98mx-37xjHighCVSS 7.5

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-46027 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: avoid early lgr access in smc_clc_wait_msg

A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group.

The decline handling in smc_clc_wait_msg() updates link-group level sync state for first-contact declines, but that state only exists after link group setup has completed. Guard the link-group update accordingly and keep the per-socket peer diagnosis handling unchanged.

This preserves the existing sync_err handling for established link-group contexts and avoids touching link-group state before it is available.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-46027
https://git.kernel.org/stable/c/5a8db80f721deee8e916c2cfdee78decda02ce4f
https://git.kernel.org/stable/c/6180a296ca65b08a81914805cbc0f78da5f10a1f
https://git.kernel.org/stable/c/83bcf9228b0501694fb2589ed1d142855a2887f2
https://git.kernel.org/stable/c/ea0b5d0fe96356dce38f98375a57c52a04e13712
https://git.kernel.org/stable/c/f0858e1d5624bb120b198f2a8528f97a9b0ae069
https://github.com/advisories/GHSA-6hp6-98mx-37xj