CVE-2026-43101
Analyzed Analyzed - Analysis Complete
NULL Pointer Dereference in Linux Kernel IPv6 IOAM

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian. Also add skb_dst_dev_rcu() instead of skb_dst_dev(), and two missing READ_ONCE(). Note that @dev can't be NULL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43101
EUVD
EUVD-2026-27612
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.14 (exc)
linux linux_kernel From 5.15 (inc) to 6.18.24 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is related to the Linux kernel's IPv6 ioam (In-situ OAM) feature. It involves potential NULL pointer dereferences in the function __ioam6_fill_trace_data(). Specifically, the code did not properly check if the function __in6_dev_get() returned a NULL value, which could lead to a NULL dereference and possibly cause a kernel crash or unexpected behavior.

The fix involved adding a check for a possible NULL value from __in6_dev_get(), replacing skb_dst_dev() with skb_dst_dev_rcu(), and adding two missing READ_ONCE() operations to ensure proper memory access synchronization.

Impact Analysis

If exploited or triggered, this vulnerability could cause the Linux kernel to dereference a NULL pointer, potentially leading to a kernel crash (kernel panic) or other unstable behavior. This could result in denial of service or system instability on affected systems running the vulnerable kernel.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43101. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart