-
CVE-2026-43086
- EPSS 0.02%
- Veröffentlicht 06.05.2026 07:40:20
- Zuletzt bearbeitet 06.05.2026 13:08:07
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ipvs: fix NULL deref in ip_vs_add_service error path
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ip_vs_add_service error path When ip_vs_bind_scheduler() succeeds in ip_vs_add_service(), the local variable sched is set to NULL. If ip_vs_start_estimator() subsequently fails, the out_err cleanup calls ip_vs_unbind_scheduler(svc, sched) with sched == NULL. ip_vs_unbind_scheduler() passes the cur_sched NULL check (because svc->scheduler was set by the successful bind) but then dereferences the NULL sched parameter at sched->done_service, causing a kernel panic at offset 0x30 from NULL. Oops: general protection fault, [..] [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] RIP: 0010:ip_vs_unbind_scheduler (net/netfilter/ipvs/ip_vs_sched.c:69) Call Trace: <TASK> ip_vs_add_service.isra.0 (net/netfilter/ipvs/ip_vs_ctl.c:1500) do_ip_vs_set_ctl (net/netfilter/ipvs/ip_vs_ctl.c:2809) nf_setsockopt (net/netfilter/nf_sockopt.c:102) [..] Fix by simply not clearing the local sched variable after a successful bind. ip_vs_unbind_scheduler() already detects whether a scheduler is installed via svc->scheduler, and keeping sched non-NULL ensures the error path passes the correct pointer to both ip_vs_unbind_scheduler() and ip_vs_scheduler_put(). While the bug is older, the problem popups in more recent kernels (6.2), when the new error path is taken after the ip_vs_start_estimator() call.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
705dd34440812735ece298eb5bc153fde9544d42
Version <
730663352c9178f33fcf5929f4a37c1f1ca5a693
Status
affected
Version
705dd34440812735ece298eb5bc153fde9544d42
Version <
4039959315008888dd53c37674d33351817a5166
Status
affected
Version
705dd34440812735ece298eb5bc153fde9544d42
Version <
a32dabacee111cea083ddd57a03635672e1bff29
Status
affected
Version
705dd34440812735ece298eb5bc153fde9544d42
Version <
c2ddbe577e2ebf63f2d8fb15cdc7503af70f3e94
Status
affected
Version
705dd34440812735ece298eb5bc153fde9544d42
Version <
9a91797e61d286805ae10a92cc48959c30800556
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
6.2
Status
affected
Version
0
Version <
6.2
Status
unaffected
Version <=
6.6.*
Version
6.6.136
Status
unaffected
Version <=
6.12.*
Version
6.12.83
Status
unaffected
Version <=
6.18.*
Version
6.18.24
Status
unaffected
Version <=
6.19.*
Version
6.19.14
Status
unaffected
Version <=
*
Version
7.0
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.068 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|