CVE-2026-23398 — NULL Pointer Dereference in Linux
Severity: 8.2 HIGH (no vector)
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 26
Latest update: Apr 20
Description
In the Linux kernel, the following vulnerability has been resolved:
icmp: fix NULL pointer dereference in icmp_tag_validation()
icmp_tag_validation() unconditionally dereferences the result of
rcu_dereference(inet_protos[proto]) without checking for NULL.
The inet_protos[] array is sparse -- only about 15 of 256 protocol
numbers have registered handlers. When ip_no_pmtu_disc is set to 3
(hardened PMTU mode) and the kernel receives an ICMP Fragmentation
Needed error with a quoted inner IP heade…
Affected Packages (5 packages)
CVEListV5: linux/linux, 8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e — 1f9f2c6d4b2a613b7756fc5679c5116ba2ca0161 (+6)
Vulnerability Details (4)
VulDB (2026-04-20)
Linux Kernel up to 7.0-rc4 net/ipv4/icmp.c icmp_tag_validation inet_protos[] null pointer dereference (EUVD-2026-16158 / WID-SEC-2026-0879)
GHSA (2026-03-26)
GHSA-x3j5-9ghr-8cwm: In the Linux kernel, the following vulnerability has been resolved:
icmp: fix NULL pointer dereference in icmp_tag_validation()
icmp_tag_validation(
OSV (2026-03-26)
CVE-2026-23398: In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation()