Description
In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will free old_skb again, causing a double-free bug. Therefore, to prevent this, we need to modify it to check whether nr_neigh->ax25 is NULL before freeing old_skb.
References (7)
Scores
CVSS v3
8.8
EPSS
0.0002
EPSS Percentile
5.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (22)
linux/Kernel
2.6.12 - 6.6.122linux
linux/Kernel
6.13.0 - 6.18.8linux
linux/Kernel
6.7.0 - 6.12.68linux
Linux/Linux
< 2.6.12
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 25aab6bfc31017a7e52035b99aef5c2b6bde8ffb
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 6e0110ea90313b7c0558a0b77038274a6821caf8
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 7c48fdf2d1349bb54815b56fb012b9d577707708
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 94d1a8bd08af1f4cc345c5c29f5db1ea72b8bb8c
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 9f5fa78d9980fe75a69835521627ab7943cb3d67
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - ba1096c315283ee3292765f6aea4cca15816c4f7
... and 12 more
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026