CVE-2026-23098
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
netrom: fix double-free in nr_route_frame()
In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will free old_skb again, causing a double-free bug.
Therefore, to prevent this, we need to modify it to check whether nr_neigh->ax25 is NULL before freeing old_skb.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 25aab6bfc31017a7e52035b99aef5c2b6bde8ffb | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6e0110ea90313b7c0558a0b77038274a6821caf8 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7c48fdf2d1349bb54815b56fb012b9d577707708 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < bd8955337e3764f912f49b360e176d8aaecf7016 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 94d1a8bd08af1f4cc345c5c29f5db1ea72b8bb8c | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9f5fa78d9980fe75a69835521627ab7943cb3d67 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ba1096c315283ee3292765f6aea4cca15816c4f7 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 5.10.249 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.199 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.162 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.122 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.68 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.8 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/25aab6bfc31017a7e52035b99aef5c2b6bde8ffb
- https://git.kernel.org/stable/c/6e0110ea90313b7c0558a0b77038274a6821caf8
- https://git.kernel.org/stable/c/7c48fdf2d1349bb54815b56fb012b9d577707708
- https://git.kernel.org/stable/c/bd8955337e3764f912f49b360e176d8aaecf7016
- https://git.kernel.org/stable/c/94d1a8bd08af1f4cc345c5c29f5db1ea72b8bb8c
- https://git.kernel.org/stable/c/9f5fa78d9980fe75a69835521627ab7943cb3d67
- https://git.kernel.org/stable/c/ba1096c315283ee3292765f6aea4cca15816c4f7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.