CVE-2026-23286NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs syzkaller reported a null-ptr-deref in lec_arp_clear_vccs(). This issue can be easily reproduced using the syzkaller reproducer. In the ATM LANE (LAN Emulation) module, the same atm_vcc can be shared by multiple lec_arp_table entries (e.g., via entry->vcc or entry->recv_vcc). When the underlying VCC is closed, lec_vcc_close() iterates over all ARP entries and calls lec_arp_cl

Affected Packages5 packages

Linuxlinux/linux_kernel2.6.126.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2e9665986eb127290ceb535bd5d04d7a84265d94f+6
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23286: In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs syzkaller reported a null-ptr-d2026-03-25
GHSA
GHSA-6rj2-xg9p-3jj4: In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs syzkaller reported a null-ptr2026-03-25
OSV
atm: lec: fix null-ptr-deref in lec_arp_clear_vccs2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs2026-03-25
Microsoft
atm: lec: fix null-ptr-deref in lec_arp_clear_vccs2026-03-10
Debian
CVE-2026-23286: linux - In the Linux kernel, the following vulnerability has been resolved: atm: lec: f...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23286 Impact, Exploitability, and Mitigation Steps | Wiz