CVE-2026-23439 — NULL Pointer Dereference in Linux
Severity
5.5MEDIUM
No vectorEPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 3
Description
In the Linux kernel, the following vulnerability has been resolved:
udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
When CONFIG_IPV6 is disabled, the udp_sock_create6() function returns 0
(success) without actually creating a socket. Callers such as
fou_create() then proceed to dereference the uninitialized socket
pointer, resulting in a NULL pointer dereference.
The captured NULL deref crash:
BUG: kernel NULL pointer dereference, address: 0000000000000018
RIP: 0010:f…
Affected Packages3 packages
▶CVEListV5linux/linuxfd384412e199b62c3ddaabd18dce86d0e164c5b9 — ba7c9ddcdd077942b798979edb035207374d4096+6
🔴Vulnerability Details
2OSV▶
CVE-2026-23439: In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n When CONF↗2026-04-03
GHSA▶
GHSA-8f9w-9r3m-xjvx: In the Linux kernel, the following vulnerability has been resolved:
udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
When CO↗2026-04-03