DEBIAN-CVE-2026-46266

In the Linux kernel, the following vulnerability has been resolved:  inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP  Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW (255) was dangerous.    socket(AFINET, SOCKRAW, 255);  A malicious incoming ICMP packet can set the protocol field to 255 and match this socket, leading to FNHE cache changes.  inner = IP(src="192.168.2.1", dst="8.8.8.8", proto=255)/Raw("TEST") pkt = IP(src="192.168.1.1", dst="192.168.2.1")/ICMP(type=3, code=4, nexthopmtu=576)/inner  "man 7 raw" states:    A protocol of IPPROTORAW implies enabled IPHDRINCL and is able   to send any IP protocol that is specified in the passed header.   Receiving of all IP protocols via IPPROTO_RAW is not possible   using raw sockets.  Make sure we drop these malicious packets.