{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23381", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.007Z", "datePublished": "2026-03-25T10:28:00.416Z", "dateUpdated": "2026-05-11T22:05:46.570Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:05:46.570Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the 'ipv6.disable=1' parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub->nd_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n <IRQ>\n ? neigh_lookup+0x16/0xe0\n br_do_suppress_nd+0x160/0x290 [bridge]\n br_handle_frame_finish+0x500/0x620 [bridge]\n br_handle_frame+0x353/0x440 [bridge]\n __netif_receive_skb_core.constprop.0+0x298/0x1110\n __netif_receive_skb_one_core+0x3d/0xa0\n process_backlog+0xa0/0x140\n __napi_poll+0x2c/0x170\n net_rx_action+0x2c4/0x3a0\n handle_softirqs+0xd0/0x270\n do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bridge/br_device.c", "net/bridge/br_input.c"], "versions": [{"version": "ed842faeb2bd49256f00485402f3113205f91d30", "lessThan": "a9d712ccfeef737c0e700a4b5b98f310e07b6b60", "status": "affected", "versionType": "git"}, {"version": "ed842faeb2bd49256f00485402f3113205f91d30", "lessThan": "a5c56e65b685360dd3f2278aeff8c21061feb665", "status": "affected", "versionType": "git"}, {"version": "ed842faeb2bd49256f00485402f3113205f91d30", "lessThan": "7a894eb5de246d79f13105c55a67381039a24d44", "status": "affected", "versionType": "git"}, {"version": "ed842faeb2bd49256f00485402f3113205f91d30", "lessThan": "a12cdaa3375f0bd3c8f4e564be7c143529abfe5b", "status": "affected", "versionType": "git"}, {"version": "ed842faeb2bd49256f00485402f3113205f91d30", "lessThan": "aa73deb3b6b730ec280d45b3f423bfa9e17bc122", "status": "affected", "versionType": "git"}, {"version": "ed842faeb2bd49256f00485402f3113205f91d30", "lessThan": "33dec6f10777d5a8f71c0a200f690da5ae3c2e55", "status": "affected", "versionType": "git"}, {"version": "ed842faeb2bd49256f00485402f3113205f91d30", "lessThan": "20ef5c25422f97dd09d751e5ae6c18406cdc78e6", "status": "affected", "versionType": "git"}, {"version": "ed842faeb2bd49256f00485402f3113205f91d30", "lessThan": "e5e890630533bdc15b26a34bb8e7ef539bdf1322", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bridge/br_device.c", "net/bridge/br_input.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a9d712ccfeef737c0e700a4b5b98f310e07b6b60"}, {"url": "https://git.kernel.org/stable/c/a5c56e65b685360dd3f2278aeff8c21061feb665"}, {"url": "https://git.kernel.org/stable/c/7a894eb5de246d79f13105c55a67381039a24d44"}, {"url": "https://git.kernel.org/stable/c/a12cdaa3375f0bd3c8f4e564be7c143529abfe5b"}, {"url": "https://git.kernel.org/stable/c/aa73deb3b6b730ec280d45b3f423bfa9e17bc122"}, {"url": "https://git.kernel.org/stable/c/33dec6f10777d5a8f71c0a200f690da5ae3c2e55"}, {"url": "https://git.kernel.org/stable/c/20ef5c25422f97dd09d751e5ae6c18406cdc78e6"}, {"url": "https://git.kernel.org/stable/c/e5e890630533bdc15b26a34bb8e7ef539bdf1322"}], "title": "net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B17827E3-86FD-498B-B936-E57F1C08BF4A", "versionEndExcluding": "5.10.253", "versionStartIncluding": "4.15.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DDB3E9-AABF-4107-ADB0-5362AA067045", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EDC6BAF-B710-4E26-B6AA-D68922EE7B43", "versionEndExcluding": "6.1.167", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.15:-:*:*:*:*:*:*", "matchCriteriaId": "3B4D39AF-668B-442B-8085-639A6D4FA5AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the 'ipv6.disable=1' parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub->nd_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n <IRQ>\n ? neigh_lookup+0x16/0xe0\n br_do_suppress_nd+0x160/0x290 [bridge]\n br_handle_frame_finish+0x500/0x620 [bridge]\n br_handle_frame+0x353/0x440 [bridge]\n __netif_receive_skb_core.constprop.0+0x298/0x1110\n __netif_receive_skb_one_core+0x3d/0xa0\n process_backlog+0xa0/0x140\n __napi_poll+0x2c/0x170\n net_rx_action+0x2c4/0x3a0\n handle_softirqs+0xd0/0x270\n do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: bridge: corrige la desreferencia NULL de nd_tbl cuando IPv6 est\u00e1 deshabilitado\n\nAl arrancar con el par\u00e1metro 'ipv6.disable=1', el nd_tbl nunca se inicializa porque inet6_init() sale antes de que se llame a ndisc_init(), que es quien lo inicializa. Luego, si neigh_suppress est\u00e1 habilitado y un paquete ICMPv6 Neighbor Discovery llega al puente, br_do_suppress_nd() desreferenciar\u00e1 ipv6_stub-&gt;nd_tbl, que es NULL, pas\u00e1ndolo a neigh_lookup(). Esto causa una desreferencia de puntero NULL del kernel.\n\n BUG: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Rastro de Llamada:\n \n ? neigh_lookup+0x16/0xe0\n br_do_suppress_nd+0x160/0x290 [bridge]\n br_handle_frame_finish+0x500/0x620 [bridge]\n br_handle_frame+0x353/0x440 [bridge]\n __netif_receive_skb_core.constprop.0+0x298/0x1110\n __netif_receive_skb_one_core+0x3d/0xa0\n process_backlog+0xa0/0x140\n __napi_poll+0x2c/0x170\n net_rx_action+0x2c4/0x3a0\n handle_softirqs+0xd0/0x270\n do_softirq+0x3f/0x60\n\nSoluciona esto reemplazando la llamada a IS_ENABLED(IPV6) con ipv6_mod_enabled() en los llamadores. Esto es, en esencia, deshabilitar la supresi\u00f3n de NS/NA cuando IPv6 est\u00e1 deshabilitado."}], "id": "CVE-2026-23381", "lastModified": "2026-04-24T18:41:47.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:38.160", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/20ef5c25422f97dd09d751e5ae6c18406cdc78e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/33dec6f10777d5a8f71c0a200f690da5ae3c2e55"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a894eb5de246d79f13105c55a67381039a24d44"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a12cdaa3375f0bd3c8f4e564be7c143529abfe5b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a5c56e65b685360dd3f2278aeff8c21061feb665"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a9d712ccfeef737c0e700a4b5b98f310e07b6b60"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aa73deb3b6b730ec280d45b3f423bfa9e17bc122"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e5e890630533bdc15b26a34bb8e7ef539bdf1322"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled", "id": "2451220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451220"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["A flaw was found in the Linux kernel's network bridging component. When Internet Protocol version 6 (IPv6) is explicitly disabled, a critical data structure for Neighbor Discovery is not properly initialized. A remote attacker could exploit this by sending a specially crafted Internet Control Message Protocol version 6 (ICMPv6) Neighbor Discovery packet. This could lead to a kernel NULL pointer dereference, causing the system to crash and resulting in a Denial of Service (DoS)."], "mitigation": {"lang": "en:us", "value": "Do not use the ipv6.disable=1 boot parameter on systems using network bridging with neighbor suppression, or disable neigh_suppress on bridges when IPv6 is disabled."}, "name": "CVE-2026-23381", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23381\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23381\nhttps://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23381-378d@gregkh/T"], "statement": "This flaw affects bridge configurations with neigh_suppress enabled while IPv6 is disabled via ipv6.disable=1. When ICMPv6 ND packets reach the bridge, br_do_suppress_nd() dereferences the uninitialized nd_tbl, causing a NULL pointer crash. Similar to CVE-2026-23293 but affects bridge instead of VXLAN.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[ed842faeb2bd49256f00485402f3113205f91d30,7a894eb5de246d79f13105c55a67381039a24d44)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[ed842faeb2bd49256f00485402f3113205f91d30,a12cdaa3375f0bd3c8f4e564be7c143529abfe5b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[ed842faeb2bd49256f00485402f3113205f91d30,aa73deb3b6b730ec280d45b3f423bfa9e17bc122)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[ed842faeb2bd49256f00485402f3113205f91d30,33dec6f10777d5a8f71c0a200f690da5ae3c2e55)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[ed842faeb2bd49256f00485402f3113205f91d30,20ef5c25422f97dd09d751e5ae6c18406cdc78e6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[ed842faeb2bd49256f00485402f3113205f91d30,e5e890630533bdc15b26a34bb8e7ef539bdf1322)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.15"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T09:07:27.218403+00:00", "value": {"mitigation_remediation": ["Apply the latest Linux kernel release that includes the fix for CVE-2026-23381.", "Verify that your bridge configuration does not enable neighbor suppression when IPv6 is disabled.", "If an immediate kernel upgrade is not possible, disable IPv6-related bridge functionality or revert to a non\u2011vulnerable kernel version until the patch is available.", "Continuously monitor system logs for Oops messages related to br_do_suppress_nd and apply subsequent security patches promptly."], "summary": {"action": "Patch", "impact": "Kernel Crash (Denial of Service)"}, "threat_synthesis": {"affected_systems": "All Linux kernel installations that include the bridge networking subsystem are potentially affected when IPv6 is disabled and Neighbor Discovery suppression is enabled. No specific versions are listed, so any kernel version compiling the upstream bridge code at the time of this vulnerability could be impacted until the fix is applied. Distributions that ship kernel packages must ensure that the updated kernel is deployed to users running a bridged network configuration with IPv6 disabled.", "description_and_impact": "The vulnerability occurs in the Linux kernel's bridge networking code. When IPv6 is disabled via the kernel boot parameter, the nd_tbl structure is never initialized. If Neighbor Discovery suppression is enabled and an ICMPv6 Neighbor Discovery packet is processed by a bridged interface, the code dereferences a NULL nd_tbl pointer, triggering a kernel NULL pointer dereference and an Oops crash. This results in a denial of service by crashing the kernel and requiring a reboot, exemplifying a CWE\u2011476 (NULL pointer dereference) and CWE\u2011824 weakness.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not currently catalogued in CISA\u2019s KEV list. Exploitation requires that the bridged system receives an ICMPv6 Neighbor Discovery packet, which could be triggered by legitimate network traffic when IPv6 is partially enabled or by a crafted packet if the system processes such traffic. Because the flaw results in a kernel crash rather than privilege escalation, the focus is on preventing service interruption. The official fix replaces the compile-time check with a runtime check, effectively disabling Neighbor Suppression when IPv6 is disabled."}}}}, "created": "2026-03-25T21:31:34.883129+00:00", "updated": "2026-04-28T09:15:09.684756+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}