CVE-2026-23450NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents7 sources
Severity
7.0HIGH
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_tcp_syn_recv_sock() is called in the TCP receive path (softirq) via icsk_af_ops->syn_recv_sock on the clcsock (TCP listening socket). It reads sk_user_data to get the smc_sock pointer. However, when the SMC listen socket is being closed concurrently, smc_close_active() sets clcsock->sk_user_data to N

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux8270d9c21041470f58348248b9d9dcf3bf79592e1e4f873879e075bbd4eb1c644d6933303ac5eba4+7
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
GHSA
GHSA-m7g4-hqc4-25c8: In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller repor2026-04-03
OSV
CVE-2026-23450: In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() Syzkaller reporte2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()2026-04-03
Debian
CVE-2026-23450: linux - In the Linux kernel, the following vulnerability has been resolved: net/smc: fi...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23450 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-23450 kernel: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()2026-04-03