CVE-2026-22983: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 94.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 23

Description

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msg_get_inq in callee NULL pointer dereference fix. msg_get_inq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal variant of msghdr only, and the only user does reinitialize the field. So this is not critical for that reason. But it is more robust to avoid the write, and slightly simpler code. And it fixes a bug,

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD: linux/linux_kernel 6.18.4 6.18.6 +1
Debian: linux/linux_kernel < 6.18.8-1
CVEListV5: linux/linux 089e50f29eeec8eef6ae1450fc88138d719291cb ffa2be496ef65055b28b39c6bd9a7d66943ee89a +2
debian: debian/linux < linux 6.18.8-1 (forky)

Patches

🔴 Vulnerability Details (2)

OSV: CVE-2026-22983: In the Linux kernel, the following vulnerability has been resolved: net: do not write to msg_get_inq in callee NULL pointer dereference fix (2026-01-23)
GHSA: GHSA-3c6v-88wh-34ph: In the Linux kernel, the following vulnerability has been resolved: net: do not write to msg_get_inq in callee NULL pointer dereference fix (2026-01-23)

📋 Vendor Advisories (2)

Red Hat: kernel: net: do not write to msg_get_inq in callee (2026-01-23)
Debian: CVE-2026-22983: linux - In the Linux kernel, the following vulnerability has been resolved: net: do not... 2026

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-22983 Impact, Exploitability, and Mitigation Steps | Wiz