PT-2026-30137 · Linux · Linux Kernel
Published
2026-04-03
·
Updated
2026-05-26
·
CVE-2026-23442
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw where the
in6 dev get() function can return NULL when a device lacks IPv6 configuration, such as when the MTU is less than the minimum IPv6 MTU or after device unregistration. This can lead to NULL pointer dereferences in seg6 hmac validate skb() and ipv6 srh rcv() functions when processing SRv6 paths.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel