CVE-2026-23098

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double-free issue was identified in the netrom network routing mechanism within the Linux kernel. Specifically, the nr route frame() function frees memory associated with old skb without verifying if the nr neigh->ax25 pointer is NULL. If nr neigh->ax25 is NULL, a subsequent free operation on old skb occurs, leading to a double-free condition. The issue is addressed by adding a check to ensure nr neigh->ax25 is not NULL before freeing old skb.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

CVE-2026-23098

ECHO-AB63-4C96-C1B6

USN-8162-1

USN-8180-1

USN-8180-2

USN-8180-3

USN-8180-4

USN-8180-5

USN-8180-6

USN-8186-1

USN-8187-1

USN-8188-1

USN-8243-1

USN-8275-1

USN-8278-1

USN-8289-1

USN-8296-1

USN-8297-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23098

Weakness Enumeration

Related Identifiers

Affected Products

References · 601