CVE-2026-23442

MEDIUM

ipv6: add NULL checks for idev in SRv6 paths

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths

__in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).

Add NULL checks for idev returned by __in6_dev_get() in both seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL pointer dereferences.

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 2.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (16)
Linux/Linux < 4.10
Linux/Linux 1ababeba4a21f3dba3da3523c670b207fb2feb62 - 06413793526251870e20402c39930804f14d59c0
Linux/Linux 1ababeba4a21f3dba3da3523c670b207fb2feb62 - 50352fc103928e10e8729abc79a0d05abef26c4d
Linux/Linux 1ababeba4a21f3dba3da3523c670b207fb2feb62 - a25853c9feea7bbf31d157ff6e004d2d3b4f7f13
Linux/Linux 1ababeba4a21f3dba3da3523c670b207fb2feb62 - bc9843c39f9932a8b36efd1d362ea00bb88e4e78
Linux/Linux 1ababeba4a21f3dba3da3523c670b207fb2feb62 - c5cedee5d97382176573bbe21e1724e737a5eb64
Linux/Linux 4.10
Linux/Linux 6.12.83 - 6.12.*
Linux/Linux 6.18.25 - 6.18.*
Linux/Linux 6.19.10 - 6.19.*
... and 6 more
Published Apr 03, 2026
Tracked Since Apr 03, 2026