PT-2026-27669 · Linux · Linux Kernel

Published 2026-01-01 · Updated 2026-04-20 · CVE-2026-23304

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the IPv6 subsystem, specifically within the ip6_rt_get_dev_rcu() function. The issue arises when the l3mdev_master_dev_rcu() function returns NULL during the un-slaving of a slave device from a VRF (Virtual Routing and Forwarding). This can lead to a NULL pointer dereference in ip6_rt_pcpu_alloc(), potentially causing system instability. The root cause is a missing fallback mechanism to the loopback device when handling this scenario. The issue was identified through KASAN (Kernel Address Sanitizer) testing. The vulnerable function is ip6_rt_pcpu_alloc().

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2026-23304
ECHO-8764-F3DE-8841
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864
OPENSUSE-SU-2026:20572-1
SUSE-SU-2026:21114-1
SUSE-SU-2026:21123-1
SUSE-SU-2026:21237-1
SUSE-SU-2026:21255-1
SUSE-SU-2026:21352-1
SUSE-SU-2026:21361-1

Affected Products

Linux Kernel