{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23442", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.018Z", "datePublished": "2026-04-03T15:15:26.851Z", "dateUpdated": "2026-05-11T22:06:59.286Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:06:59.286Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: add NULL checks for idev in SRv6 paths\n\n__in6_dev_get() can return NULL when the device has no IPv6 configuration\n(e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).\n\nAdd NULL checks for idev returned by __in6_dev_get() in both\nseg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL\npointer dereferences."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/exthdrs.c", "net/ipv6/seg6_hmac.c"], "versions": [{"version": "1ababeba4a21f3dba3da3523c670b207fb2feb62", "lessThan": "50352fc103928e10e8729abc79a0d05abef26c4d", "status": "affected", "versionType": "git"}, {"version": "1ababeba4a21f3dba3da3523c670b207fb2feb62", "lessThan": "bc9843c39f9932a8b36efd1d362ea00bb88e4e78", "status": "affected", "versionType": "git"}, {"version": "1ababeba4a21f3dba3da3523c670b207fb2feb62", "lessThan": "c5cedee5d97382176573bbe21e1724e737a5eb64", "status": "affected", "versionType": "git"}, {"version": "1ababeba4a21f3dba3da3523c670b207fb2feb62", "lessThan": "a25853c9feea7bbf31d157ff6e004d2d3b4f7f13", "status": "affected", "versionType": "git"}, {"version": "1ababeba4a21f3dba3da3523c670b207fb2feb62", "lessThan": "06413793526251870e20402c39930804f14d59c0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/exthdrs.c", "net/ipv6/seg6_hmac.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.136", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.83", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.25", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.6.136"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.12.83"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.18.25"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/50352fc103928e10e8729abc79a0d05abef26c4d"}, {"url": "https://git.kernel.org/stable/c/bc9843c39f9932a8b36efd1d362ea00bb88e4e78"}, {"url": "https://git.kernel.org/stable/c/c5cedee5d97382176573bbe21e1724e737a5eb64"}, {"url": "https://git.kernel.org/stable/c/a25853c9feea7bbf31d157ff6e004d2d3b4f7f13"}, {"url": "https://git.kernel.org/stable/c/06413793526251870e20402c39930804f14d59c0"}], "title": "ipv6: add NULL checks for idev in SRv6 paths", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FB8914-AA64-42C8-B1C5-31091B1EAA92", "versionEndExcluding": "6.12.83", "versionStartIncluding": "4.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "74050944-3704-4081-A5DA-C5DAB1E275E6", "versionEndExcluding": "6.19.10", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.10:-:*:*:*:*:*:*", "matchCriteriaId": "C201E405-86F2-4F96-984A-00A865219C86", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: add NULL checks for idev in SRv6 paths\n\n__in6_dev_get() can return NULL when the device has no IPv6 configuration\n(e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).\n\nAdd NULL checks for idev returned by __in6_dev_get() in both\nseg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL\npointer dereferences."}], "id": "CVE-2026-23442", "lastModified": "2026-04-27T14:16:33.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T16:16:28.423", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06413793526251870e20402c39930804f14d59c0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/50352fc103928e10e8729abc79a0d05abef26c4d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a25853c9feea7bbf31d157ff6e004d2d3b4f7f13"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc9843c39f9932a8b36efd1d362ea00bb88e4e78"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c5cedee5d97382176573bbe21e1724e737a5eb64"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ipv6: add NULL checks for idev in SRv6 paths", "id": "2454807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454807"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel. Missing null pointer checks in the IPv6 Segment Routing (SRv6) implementation, specifically within the `seg6_hmac_validate_skb()` and `ipv6_srh_rcv()` functions, can occur when an IPv6 device lacks proper configuration. This oversight may allow an attacker to trigger a null pointer dereference, potentially leading to a system crash and a Denial of Service (DoS)."], "name": "CVE-2026-23442", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23442\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23442\nhttps://lore.kernel.org/linux-cve-announce/2026040314-CVE-2026-23442-fe23@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1ababeba4a21f3dba3da3523c670b207fb2feb62,a25853c9feea7bbf31d157ff6e004d2d3b4f7f13)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1ababeba4a21f3dba3da3523c670b207fb2feb62,06413793526251870e20402c39930804f14d59c0)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.10"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.10)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T21:47:12.298844+00:00", "value": {"mitigation_remediation": ["Apply the kernel update that incorporates the commit adding NULL checks to SRv6 packet handling", "Block or restrict SRv6 traffic on the affected interfaces using firewall rules (e.g., ip6tables or nftables) until the patch can be applied", "If SRv6 functionality is not required, disable the SRv6 module or stack on the host to eliminate the vulnerability while awaiting a kernel update"], "summary": {"action": "Apply Update", "impact": "Denial of Service (Kernel Crash)"}, "threat_synthesis": {"affected_systems": "The flaw applies to any Linux kernel build that predates the commit adding the NULL\u2011check, including older 4.10 releases and all 7.0 release candidate kernels listed in the CPE data. All popular Linux distributions that ship those kernel versions are affected, regardless of vendor, because the patch is part of the upstream Linux kernel source.", "description_and_impact": "The Linux kernel\u2019s IPv6 SRv6 packet handling code contained a null\u2011pointer dereference vulnerability. When __in6_dev_get() returns NULL\u2014such as on a device without IPv6 configuration\u2014the callers seg6_hmac_validate_skb() and ipv6_srh_rcv() failed to check the pointer. An attacker could send a malicious SRv6 packet or otherwise trigger this logic on a vulnerable interface, causing the kernel to crash and the host to reboot, which results in a denial\u2011of\u2011service for all services on the machine.", "risk_and_exploitability": "The CVSS base score of 5.5 marks the vulnerability as moderate, while the EPSS score of <1% indicates a low probability of real\u2011world exploitation. The vulnerability is not flagged in the CISA KEV catalog. The likely attack vector is the delivery of a crafted SRv6 packet over the network; since the bug originates in packet handling logic, an attacker does not need local privileges. Successful exploitation would stop the node from servicing any traffic, but the impact is limited to a service interruption for the compromised machine."}}}}, "created": "2026-04-03T21:13:56.130075+00:00", "updated": "2026-04-28T22:00:14.097184+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}