CVE-2026-43101
Awaiting Analysis - Queue
NULL Pointer Dereference in Linux Kernel IPv6 IOAM

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian.

Also add skb_dst_dev_rcu() instead of skb_dst_dev(), and two missing READ_ONCE().

Note that @dev can't be NULL.

Meta Information
Published: 2026-05-06
Last Modified: 2026-05-06
Generated: 2026-05-07
AI Q&A: 2026-05-06
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's IPv6 IOAM (In-situ OAM) feature. It involves potential NULL pointer dereferences in the function __ioam6_fill_trace_data(). Specifically, the code did not check whether __in6_dev_get() returned NULL, which could lead to a NULL dereference and possibly cause a kernel crash or unexpected behavior.

The fix involved adding a check for a possible NULL value from __in6_dev_get(), replacing skb_dst_dev() with skb_dst_dev_rcu(), and adding two missing READ_ONCE() operations to ensure proper memory access synchronization.


How can this vulnerability impact me?

If exploited or triggered, this vulnerability could cause the Linux kernel to dereference a NULL pointer, potentially leading to a kernel crash (kernel panic) or other unstable behavior. This could result in denial of service or system instability on affected systems running the vulnerable kernel.

