CVE-2026-23460

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained a flaw in the net/rose component where a NULL pointer dereference could occur in the rose transmit link function during a reconnect attempt. This issue arose because rose connect() lacked a check for the TCP SYN SENT state, allowing a second connection attempt while the first was in progress to overwrite rose->neighbour with NULL. Subsequently, closing the socket would lead to a call to rose write internal() and then rose transmit link(skb, NULL), resulting in the NULL pointer dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.