5.5

CVE-2026-23442

ipv6: add NULL checks for idev in SRv6 paths

In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths

__in6_dev_get() can return NULL when the device has no IPv6 configuration
(e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).

Add NULL checks for idev returned by __in6_dev_get() in both
seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL
pointer dereferences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.10.1 < 6.12.83
LinuxLinux Kernel Version >= 6.13 < 6.19.10
LinuxLinux Kernel Version4.10 Update-
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/a25853c9feea7bbf31d157ff6e004d2d3b4f7f13
Patch
https://git.kernel.org/stable/c/06413793526251870e20402c39930804f14d59c0
Patch
https://git.kernel.org/stable/c/bc9843c39f9932a8b36efd1d362ea00bb88e4e78
Patch
https://git.kernel.org/stable/c/50352fc103928e10e8729abc79a0d05abef26c4d
https://git.kernel.org/stable/c/c5cedee5d97382176573bbe21e1724e737a5eb64
https://git.kernel.org/stable/c/0348fa0ada37cef7c6b5ab2a428bb2c6aee784e4
https://git.kernel.org/stable/c/83d705d35e583cb1b1eacf196dfe7b77d442018e
https://git.kernel.org/stable/c/d1bd8b9edc6752d10f84d28ff64f842401ce336d