CVE-2026-23442 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference7 documents7 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 93.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER). Add NULL checks for idev returned by __in6_dev_get() in both seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL pointer dereferences.

Affected Packages4 packages

▶Debianlinux/linux_kernel< 6.19.10-1

▶msrcmsrc/azl3_kernel_6.6.130.1-3_on_azure_linux_3.0

▶CVEListV5linux/linux1ababeba4a21f3dba3da3523c670b207fb2feb62 — a25853c9feea7bbf31d157ff6e004d2d3b4f7f13+2

▶debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

OSV

CVE-2026-23442: In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when↗2026-04-03

▶

GHSA

GHSA-prgg-rgfw-vr94: In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL whe↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: ipv6: add NULL checks for idev in SRv6 paths↗2026-04-03

▶

Microsoft

ipv6: add NULL checks for idev in SRv6 paths↗2026-04-02

▶

Debian

CVE-2026-23442: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: add N...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23442 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶