CVE-2026-45846

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference occurs in the bareudp fill metadata dst() function. The function passes bareudp->sock to udp tunnel6 dst lookup() in the IPv6 path without performing a NULL check. Because the socket is created during bareudp open() and set to NULL during bareudp stop(), calling this function while the device is down triggers a NULL dereference via sock->sk.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.