CVE-2026-23200

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's IPv6 implementation related to ECMP (Equal-Cost Multi-Path) routing. Specifically, a mismatch in sibling counts can occur when clearing the RTF ADDRCONF flag from routes with gateways. This issue was identified by syzbot, a kernel testing tool, which reported a kernel BUG in the fib6 add rt2node() function. The problem arises from clearing RTF ADDRCONF on routes with gateways, making them eligible for ECMP without being added to the fib6 siblings list, leading to inconsistent counts when adding subsequent ECMP routes. The fib6 add rt2node() function is involved in adding IPv6 routes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.