CVE-2026-45842

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the SLIP (Serial Line IP) implementation where the slhc init() function allows a configuration with rslots set to 0, indicating no receive compression. In this state, the comp->rstate pointer remains NULL and comp->rslot limit is 0. The receive helpers slhc uncompress() and slhc remember() fail to validate this configuration, leading to a NULL pointer dereference when processing VJ-compressed or uncompressed frames that select slot 0. This can be triggered via PPP by passing a specific value to PPPIOCSMAXCID, which is reachable from an unprivileged user namespace due to the way /dev/ppp is gated. Successful exploitation results in a kernel crash in softirq context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.