8.8

CVE-2026-23098

netrom: fix double-free in nr_route_frame()

In the Linux kernel, the following vulnerability has been resolved:

netrom: fix double-free in nr_route_frame()

In nr_route_frame(), old_skb is immediately freed without checking if
nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL,
the caller function will free old_skb again, causing a double-free bug.

Therefore, to prevent this, we need to modify it to check whether
nr_neigh->ax25 is NULL before freeing old_skb.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.12.1 < 5.10.249
LinuxLinux Kernel Version >= 5.11 < 5.15.199
LinuxLinux Kernel Version >= 5.16 < 6.1.162
LinuxLinux Kernel Version >= 6.2 < 6.6.122
LinuxLinux Kernel Version >= 6.7 < 6.12.68
LinuxLinux Kernel Version >= 6.13 < 6.18.8
LinuxLinux Kernel Version2.6.12 Update-
LinuxLinux Kernel Version2.6.12 Updaterc2
LinuxLinux Kernel Version2.6.12 Updaterc3
LinuxLinux Kernel Version2.6.12 Updaterc4
LinuxLinux Kernel Version2.6.12 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.073
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
416baaa9-dc9f-4396-8d5f-8c081fb06d67 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://git.kernel.org/stable/c/bd8955337e3764f912f49b360e176d8aaecf7016
Patch
https://git.kernel.org/stable/c/94d1a8bd08af1f4cc345c5c29f5db1ea72b8bb8c
Patch
https://git.kernel.org/stable/c/9f5fa78d9980fe75a69835521627ab7943cb3d67
Patch
https://git.kernel.org/stable/c/ba1096c315283ee3292765f6aea4cca15816c4f7
Patch
https://git.kernel.org/stable/c/25aab6bfc31017a7e52035b99aef5c2b6bde8ffb
Patch
https://git.kernel.org/stable/c/6e0110ea90313b7c0558a0b77038274a6821caf8
Patch
https://git.kernel.org/stable/c/7c48fdf2d1349bb54815b56fb012b9d577707708
Patch