New Linux Kernel Releases Address Critical Vulnerability CVE-2026-46333: Everything You Need to Know

In a recent announcement, Greg Kroah-Hartman released seven new stable Linux kernel versions, each carrying a critical patch for a vulnerability tracked as CVE-2026-46333. This flaw, originally reported by the Qualys Security Advisory team, poses a serious risk to system security, and a proof-of-concept exploit is already available. The affected kernels include versions 7.0.8, 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, and 5.10.256. Some of these updates also contain fixes for additional bugs. Below, we answer key questions about this security release.

What are the new stable kernel versions?

Greg Kroah-Hartman announced the release of seven stable Linux kernel versions: 7.0.8, 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, and 5.10.256. These versions span both the latest mainline series and several long-term support (LTS) branches. The oldest kernel addressed goes back to 5.10, ensuring that users on older but still supported systems receive the critical fix. This wide coverage underscores the importance of the vulnerability being patched.

New Linux Kernel Releases Address Critical Vulnerability CVE-2026-46333: Everything You Need to Know — Source: lwn.net

What vulnerability does CVE-2026-46333 represent?

CVE-2026-46333 is a security vulnerability that was reported by the Qualys Security Advisory team. While specific details about the nature of the flaw are not fully disclosed in the announcement, it is considered critical due to the availability of a proof-of-concept exploit. The vulnerability affects all the listed kernel versions, making it essential for users on any of these branches to update immediately to mitigate potential attacks.

Who reported the vulnerability and who proposed the fix?

The vulnerability CVE-2026-46333 was reported by the Qualys Security Advisory team, a well-known cybersecurity firm. Interestingly, the patch that addresses it was originally proposed by Jann Horn back in 2020. Despite being identified years earlier, the fix has now been integrated into these stable kernel releases. This situation highlights the complexity of getting security patches approved and backported to all affected branches.

Has a proof-of-concept exploit been published?

Yes, a proof-of-concept (PoC) exploit for CVE-2026-46333 has already been published. The existence of a PoC significantly increases the risk, as attackers can now use it as a template to create working exploits. This urgency is why users are strongly advised to upgrade their kernels without delay. The combination of a known vulnerability and a published exploit makes this a critical security update.

Do these kernels include any other patches?

In addition to the patch for CVE-2026-46333, some of the seven kernel versions include additional fixes for other bugs. As is standard with stable kernel releases, each version collects various minor improvements and bug fixes that have accumulated since the previous release. While the headline fix is the security vulnerability, users benefit from overall stability enhancements when they upgrade.

What action should Linux users take?

Users are strongly advised to upgrade to one of the newly released stable kernels as soon as possible. This means updating to version 7.0.8, 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, or 5.10.256 depending on their current branch. Administrators of systems running older kernels should prioritize this upgrade to protect against potential exploitation of CVE-2026-46333 and to benefit from any extra bug fixes included in the release.