Skip to main content

Linux CVE-2026-23442

| EUVDEUVD-2026-18684 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-04-03 Linux GHSA-prgg-rgfw-vr94
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
06413793526251870e20402c39930804f14d59c0
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18684
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths

__in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).

Add NULL checks for idev returned by __in6_dev_get() in both seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL pointer dereferences.

AnalysisAI

NULL pointer dereference in Linux kernel IPv6 SRv6 path processing allows local denial of service when __in6_dev_get() returns NULL due to missing IPv6 configuration or device unregistration. The vulnerability affects seg6_hmac_validate_skb() and ipv6_srh_rcv() functions which lacked NULL checks on the returned idev pointer, enabling a local attacker to crash the kernel by triggering these code paths on misconfigured or unregistering network devices.

Technical ContextAI

The vulnerability exists in the Linux kernel's IPv6 Segment Routing Header (SRv6) implementation. The __in6_dev_get() function retrieves the in6_dev structure for a network device to access IPv6 configuration data. However, this function can legitimately return NULL when a device has no IPv6 configuration (such as when MTU is below IPV6_MIN_MTU threshold) or during device unregistration (NETDEV_UNREGISTER event). The SRv6 code in seg6_hmac_validate_skb() and ipv6_srh_rcv() functions did not validate the returned pointer before dereferencing it, creating a NULL pointer dereference vulnerability. This affects the core IPv6 routing functionality in the Linux kernel across all versions using SRv6, identified by CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*.

RemediationAI

The Linux kernel community has released upstream fixes via commits a25853c9feea7bbf31d157ff6e004d2d3b4f7f13 and 06413793526251870e20402c39930804f14d59c0 available at https://git.kernel.org/stable/c/a25853c9feea7bbf31d157ff6e004d2d3b4f7f13 and https://git.kernel.org/stable/c/06413793526251870e20402c39930804f14d59c0. Users should apply these patches by upgrading to a kernel version that includes these commits, typically available in stable kernel releases following the fix date. As a temporary workaround, administrators can disable SRv6 functionality if not required by setting appropriate kernel boot parameters or runtime configuration, though patching is the recommended permanent solution.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23442 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy