PT-2026-28331 · Linux+1 · Linux Kernel+1

Published: 2026-01-01 · Updated: 2026-05-21 · CVE-2026-23398

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the icmp_tag_validation() function, which dereferences the result of rcu_dereference(inet_protos[proto]) without first checking whether it is NULL. The inet_protos[] array is sparsely populated: only a limited number of protocol handlers are registered. When ip_no_pmtu_disc is set to 3 (hardened PMTU mode) and the kernel processes an ICMP Fragmentation Needed error containing an unregistered protocol number, a NULL dereference occurs, leading to a kernel panic in softirq context. The function icmp_unreach() appears in the call trace. The fix adds a NULL check before accessing icmp_strict_tag_validation and returns false if no handler is registered.

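A userspace C model of the lookup described above, added here as an illustration and not taken from the kernel source. The simplified struct, the two-entry sample table and the function names tag_validation_unchecked, tag_validation_checked and count_unregistered are assumptions, and RCU is omitted.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_INET_PROTOS 256

/* Simplified stand-in for the kernel's struct net_protocol (assumption). */
struct net_protocol {
    bool icmp_strict_tag_validation;
};

/* Constructed sample handlers; the flag values are illustrative. */
static const struct net_protocol proto_a = { .icmp_strict_tag_validation = true };
static const struct net_protocol proto_b = { .icmp_strict_tag_validation = false };

/* Sparse table: every slot not listed here is NULL. */
static const struct net_protocol *inet_protos[MAX_INET_PROTOS] = {
    [6]  = &proto_a,
    [17] = &proto_b,
};

/* Pre-fix shape: unconditional dereference; faults on an empty slot. */
static bool tag_validation_unchecked(unsigned char proto)
{
    return inet_protos[proto]->icmp_strict_tag_validation;
}

/* Post-fix shape: an unregistered protocol yields false. */
static bool tag_validation_checked(unsigned char proto)
{
    const struct net_protocol *ipprot = inet_protos[proto];
    return ipprot ? ipprot->icmp_strict_tag_validation : false;
}

/* Number of protocol values that have no handler in the table. */
static int count_unregistered(void)
{
    int n = 0;
    for (int p = 0; p < MAX_INET_PROTOS; p++)
        if (inet_protos[p] == NULL)
            n++;
    return n;
}

int main(void)
{
    printf("registered, unchecked: %d\n", tag_validation_unchecked(6));
    printf("unregistered, checked: %d\n", tag_validation_checked(253));
    printf("empty slots: %d of %d\n", count_unregistered(), MAX_INET_PROTOS);
    return 0;
}
```

In this model 254 of the 256 possible protocol values have no handler, which is why the checked form must treat an empty slot as a normal case rather than an exceptional one.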
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2026-04852
CVE-2026-23398
ECHO-7A02-46C5-4189
OESA-2026-2172
OESA-2026-2173
OESA-2026-2176
OPENSUSE-SU-2026:20572-1
SUSE-SU-2026:1342-1
SUSE-SU-2026:1573-1
SUSE-SU-2026:1575-1
SUSE-SU-2026:1643-1
SUSE-SU-2026:1661-1
SUSE-SU-2026:1668-1
SUSE-SU-2026:21114-1
SUSE-SU-2026:21123-1
SUSE-SU-2026:21237-1
SUSE-SU-2026:21255-1
SUSE-SU-2026:21352-1
SUSE-SU-2026:21361-1

Affected Products

Linux Kernel
Red Os