CVE-2026-23442

EUVD-2026-18684
In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths

__in6_dev_get() can return NULL when the device has no IPv6 configuration
(e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).

Add NULL checks for idev returned by __in6_dev_get() in both
seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL
pointer dereferences.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.10.1 ≤
𝑥
< 6.12.83
linuxlinux_kernel
6.13 ≤
𝑥
< 6.19.10
linuxlinux_kernel
4.10
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.88-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/06413793526251870e20402c39930804f14d59c0
https://git.kernel.org/stable/c/50352fc103928e10e8729abc79a0d05abef26c4d
https://git.kernel.org/stable/c/a25853c9feea7bbf31d157ff6e004d2d3b4f7f13
https://git.kernel.org/stable/c/bc9843c39f9932a8b36efd1d362ea00bb88e4e78
https://git.kernel.org/stable/c/c5cedee5d97382176573bbe21e1724e737a5eb64