PT-2026-27665 · Linux · Linux Kernel

Published 2026-01-01 · Updated 2026-05-28 · CVE-2026-23300

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A kernel panic occurs when an IPv4 route references a standalone IPv6 nexthop object created with a loopback device. The function fib6_nh_init() misclassifies these objects as reject routes because they lack a destination prefix (fc_dst=::), which causes fib6_is_reject() to match any loopback nexthop. Consequently, the reject path bypasses fib_nh_common_init(), leaving the variable nhc_pcpu_rth_output unallocated. When __mkroute_output() subsequently dereferences the NULL nhc_pcpu_rth_output, the system panics.
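
The misclassification described above, as a userland C model added here as an example; it is not kernel code and not code from this advisory. All model_* names are hypothetical, the ::1 comparison used for the loopback-address test is an assumption about how the reject check treats fc_dst, and the NULL guard in model_ipv4_output() exists only to make the condition observable, not as the upstream fix.

```c
/* Userland model of the flaw described in the advisory; not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

struct model_cfg {               /* stands in for the nexthop config */
    unsigned char dst[16];       /* fc_dst; all zero (::) for a standalone nexthop */
    bool dev_is_loopback;        /* nexthop device is the loopback device */
    bool explicit_reject;        /* route explicitly requested as reject */
};

struct model_nh {
    bool reject;
    int *pcpu_rth_output;        /* stands in for nhc_pcpu_rth_output */
};

static int model_cache_slot;     /* stands in for the per-CPU allocation */

/* Reject test as the description gives it (assumed form): with dst == ::
 * the address is not a loopback address, so any loopback device matches. */
static bool model_is_reject(const struct model_cfg *c)
{
    static const unsigned char lo6[16] = { [15] = 1 };   /* ::1 */
    bool dst_is_loopback = memcmp(c->dst, lo6, sizeof(lo6)) == 0;
    return c->explicit_reject || (c->dev_is_loopback && !dst_is_loopback);
}

/* Init: the reject path returns before the common init that would
 * allocate the output cache. */
static void model_nh_init(struct model_nh *nh, const struct model_cfg *c)
{
    nh->pcpu_rth_output = NULL;
    nh->reject = model_is_reject(c);
    if (nh->reject)
        return;                          /* common init skipped */
    nh->pcpu_rth_output = &model_cache_slot;
}

/* IPv4 output path: the kernel dereferences the cache at this point.
 * The model reports the condition instead of faulting. */
static int model_ipv4_output(const struct model_nh *nh)
{
    if (nh->pcpu_rth_output == NULL)
        return -1;                       /* would be the NULL dereference */
    return 0;
}
```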

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2026-23300
ECHO-9FED-06BF-138D
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1

Affected Products

Linux Kernel