CVE-2026-23442
Modified Modified - Updated After Analysis
NULL Pointer Dereference in Linux Kernel IPv6 SRv6 Path Handling

Publication date: 2026-04-03

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER). Add NULL checks for idev returned by __in6_dev_get() in both seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL pointer dereferences.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23442
EUVD
EUVD-2026-18684
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 4.10
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 4.10.1 (inc) to 6.12.83 (exc)
linux linux_kernel From 6.13 (inc) to 6.19.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's IPv6 implementation, specifically related to SRv6 (Segment Routing over IPv6) paths. The function __in6_dev_get() can return NULL if the device has no IPv6 configuration, such as when the MTU is less than IPV6_MIN_MTU or after the device has been unregistered (NETDEV_UNREGISTER). The vulnerability arises because the code did not check for NULL before using the idev pointer returned by __in6_dev_get() in the functions seg6_hmac_validate_skb() and ipv6_srh_rcv(). This could lead to NULL pointer dereferences.

Impact Analysis

The vulnerability can cause the Linux kernel to dereference a NULL pointer when processing IPv6 SRv6 paths, potentially leading to kernel crashes or denial of service conditions. This could affect system stability and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23442. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart