CVE-2026-23048 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

5.3MEDIUM

No vector

EPSS

0.0%

top 92.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer does use it, since it calls skb_set_owner_sk_safe() from udp_read_skb(). This then triggers this warning in skb_attempt_defer_free(): DEBUG_NET_WARN_ON_ONCE(skb->destructor); We must call skb_orphan() to fix this issue.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.18.0 — 6.18.6

▶Debianlinux/linux_kernel< 6.18.8-1

▶CVEListV5linux/linux6471658dc66c670580a7616e75f51b52917e7883 — 0c63d5683eae6a7b4d81382bcbecb2a19feff90d+2

▶debiandebian/linux< linux 6.18.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-h5xw-xh97-3j7m: In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path↗2026-02-04

▶

OSV

CVE-2026-23048: In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path d↗2026-02-04

▶

OSV

udp: call skb_orphan() before skb_attempt_defer_free()↗2026-02-04

▶

📋Vendor Advisories

Red Hat

kernel: udp: call skb_orphan() before skb_attempt_defer_free()↗2026-02-04

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (Apache HTTP Server) — CVE-2025-23048↗2026-01-15

▶

Debian

CVE-2026-23048: linux - In the Linux kernel, the following vulnerability has been resolved: udp: call s...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23048 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶