CVE-2026-23442

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths

__in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).

Add NULL checks for idev returned by __in6_dev_get() in both seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL pointer dereferences.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1ababeba4a21f3dba3da3523c670b207fb2feb62 < 0348fa0ada37cef7c6b5ab2a428bb2c6aee784e4affected
LinuxLinux1ababeba4a21f3dba3da3523c670b207fb2feb62 < 83d705d35e583cb1b1eacf196dfe7b77d442018eaffected
LinuxLinux1ababeba4a21f3dba3da3523c670b207fb2feb62 < d1bd8b9edc6752d10f84d28ff64f842401ce336daffected
LinuxLinux1ababeba4a21f3dba3da3523c670b207fb2feb62 < 50352fc103928e10e8729abc79a0d05abef26c4daffected
LinuxLinux1ababeba4a21f3dba3da3523c670b207fb2feb62 < bc9843c39f9932a8b36efd1d362ea00bb88e4e78affected
LinuxLinux1ababeba4a21f3dba3da3523c670b207fb2feb62 < c5cedee5d97382176573bbe21e1724e737a5eb64affected
LinuxLinux1ababeba4a21f3dba3da3523c670b207fb2feb62 < a25853c9feea7bbf31d157ff6e004d2d3b4f7f13affected
LinuxLinux1ababeba4a21f3dba3da3523c670b207fb2feb62 < 06413793526251870e20402c39930804f14d59c0affected
LinuxLinux4.10affected
LinuxLinux0 < 4.10unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.136 <= 6.6.*unaffected
LinuxLinux6.12.83 <= 6.12.*unaffected
LinuxLinux6.18.25 <= 6.18.*unaffected
LinuxLinux6.19.10 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References