CVE-2026-23293Access of Uninitialized Pointer in Linux

CWE-824Access of Uninitialized Pointer9 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which initializes it. If an IPv6 packet is injected into the interface, route_shortcircuit() is called and a NULL pointer dereference happens on neigh_lookup(). BUG: kernel NULL pointer dereference, address: 0000000000000380 Oop

Affected Packages5 packages

Linuxlinux/linux_kernel3.12.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linuxe15a00aafa4b7953ad717d3cb1ad7acf4ff76945b5190fcd75a1f1785c766a8d1e44d3938e168f45+6
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23293: In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with th2026-03-25
GHSA
GHSA-4mrh-9qq5-26w5: In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with2026-03-25
OSV
net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled2026-03-25

📋Vendor Advisories

4
Red Hat
kernel: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled2026-03-25
Red Hat
kernel: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled2026-03-25
Microsoft
net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled2026-03-10
Debian
CVE-2026-23293: linux - In the Linux kernel, the following vulnerability has been resolved: net: vxlan:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23293 Impact, Exploitability, and Mitigation Steps | Wiz