PT-2026-27658 · Linux · Linux

Published 2026-03-25 · Updated 2026-03-25 · CVE-2026-23293


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which initializes it. If an IPv6 packet is injected into the interface, route_shortcircuit() is called and a NULL pointer dereference happens on neigh_lookup().
 BUG: kernel NULL pointer dereference, address: 0000000000000380
 Oops: Oops: 0000 [#1] SMP NOPTI
 [...]
 RIP: 0010:neigh_lookup+0x20/0x270
 [...]
 Call Trace:
  vxlan_xmit+0x638/0x1ef0 [vxlan]
  dev_hard_start_xmit+0x9e/0x2e0
  __dev_queue_xmit+0xbee/0x14e0
  packet_sendmsg+0x116f/0x1930
  __sys_sendto+0x1f5/0x200
  __x64_sys_sendto+0x24/0x30
  do_syscall_64+0x12f/0x1590
  entry_SYSCALL_64_after_hwframe+0x76/0x7e
Fix this by adding an early check on route_shortcircuit() when protocol is ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because VXLAN can be built-in even when IPv6 is built as a module.
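
Added example (not part of the advisory or of the kernel patch): a Python triage helper that checks the two observable facts in the description above, the ipv6.disable boot parameter and an oops whose RIP is in neigh_lookup with vxlan_xmit in the call trace. Function names and the sample inputs are constructed for illustration; treating any non-zero ipv6.disable value as "disabled" and letting the last occurrence win are assumptions.

```python
import re

# Constructed sample inputs (not captured from a real host).
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet ipv6.disable=1"
SAMPLE_DMESG = """\
[   88.101] vxlan0: entered promiscuous mode
[   91.412] BUG: kernel NULL pointer dereference, address: 0000000000000380
[   91.413] Oops: Oops: 0000 [#1] SMP NOPTI
[   91.414] RIP: 0010:neigh_lookup+0x20/0x270
[   91.415] Call Trace:
[   91.416]  vxlan_xmit+0x638/0x1ef0 [vxlan]
[   91.417]  dev_hard_start_xmit+0x9e/0x2e0
[   95.000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[   95.001] RIP: 0010:some_other_func+0x4/0x40
"""

OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
RIP = re.compile(r"RIP: \d+:neigh_lookup\+0x")
FRAME = re.compile(r"\bvxlan_xmit\+0x")

def ipv6_disabled_at_boot(cmdline: str) -> bool:
    """True if the last ipv6.disable= token on the command line is non-zero."""
    disabled = False
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        if key == "ipv6.disable" and sep:
            try:
                disabled = int(value, 0) != 0  # assumption: last token wins
            except ValueError:
                pass  # malformed value: keep the previous state
    return disabled

def find_vxlan_nd_tbl_oopses(log: str) -> list[str]:
    """Return the 'BUG:' line of every oops block that matches the signature."""
    hits, block = [], []
    def flush():
        text = "\n".join(block)
        if block and RIP.search(text) and FRAME.search(text):
            hits.append(block[0].strip())
    for line in log.splitlines():
        if OOPS_START.search(line):
            flush()          # close the previous oops block, if any
            block = [line]
        elif block:
            block.append(line)
    flush()
    return hits

def triage(cmdline: str, log: str) -> dict:
    return {"ipv6_disabled": ipv6_disabled_at_boot(cmdline),
            "matching_oopses": find_vxlan_nd_tbl_oopses(log)}
```

On a live host, pass the contents of /proc/cmdline and the kernel log text to triage() in place of the constructed samples.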

Related Identifiers

CVE-2026-23293

Affected Products

Linux