PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23442 Linux CVE debrief

A NULL pointer dereference vulnerability exists in the Linux kernel's IPv6 Segment Routing (SRv6) implementation. The function `__in6_dev_get()` can return NULL when a network device lacks IPv6 configuration, such as when the MTU is below `IPV6_MIN_MTU` or during `NETDEV_UNREGISTER` processing. Two SRv6 code paths—`seg6_hmac_validate_skb()` and `ipv6_srh_rcv()`—failed to validate the returned `idev` pointer before use, leading to potential kernel crashes. The vulnerability was resolved by adding explicit NULL checks in both functions. The issue affects Linux kernel versions from 4.10.1 through 6.12.82, 6.13 through 6.19.9, and pre-release 7.0-rc kernels. Patches are available via the stable kernel tree.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-03
Original CVE updated: 2026-06-01
Advisory published: 2026-04-03
Advisory updated: 2026-06-01

Who should care

Linux system administrators, kernel maintainers, and network operators deploying SRv6 infrastructure.

Technical summary

The Linux kernel's SRv6 implementation in `seg6_hmac_validate_skb()` and `ipv6_srh_rcv()` calls `__in6_dev_get()` without checking for a NULL return. When a device has no IPv6 configuration (MTU too low or unregistered), this causes a NULL pointer dereference. The fix adds NULL checks before dereferencing `idev` in both functions.
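To make the defect and the fix concrete, here is an added user-space model of the pattern described above (example code, not the kernel's own sources): a stand-in for `__in6_dev_get()` that returns NULL for a device with no IPv6 state, next to an SRv6 receive path written without and with the NULL check. The structures, `in6_dev_get_model()`, `netdev_unregister_model()` and the `seg6_enabled` field are simplified assumptions, not the kernel's definitions.

```c
#include <stddef.h>
#include <stdbool.h>

#define IPV6_MIN_MTU 1280  /* IPv6 minimum link MTU (RFC 8200) */

/* Simplified stand-ins for the kernel structures; not the real definitions. */
struct inet6_dev {
    bool seg6_enabled;  /* stands in for idev->cnf.seg6_enabled */
};

struct net_device {
    unsigned int mtu;
    struct inet6_dev *ip6_ptr;  /* NULL once IPv6 state is gone */
};

/* Models the contract of __in6_dev_get(): NULL when IPv6 never attached
 * (MTU below IPV6_MIN_MTU) or was detached during NETDEV_UNREGISTER. */
struct inet6_dev *in6_dev_get_model(struct net_device *dev)
{
    if (dev->mtu < IPV6_MIN_MTU)
        return NULL;
    return dev->ip6_ptr;
}

/* Simulates NETDEV_UNREGISTER detaching the IPv6 state from the device. */
void netdev_unregister_model(struct net_device *dev)
{
    dev->ip6_ptr = NULL;
}

/* Vulnerable shape of the two SRv6 paths: idev is dereferenced unconditionally,
 * so a device without IPv6 state faults the kernel. */
int srh_rcv_unchecked(struct net_device *dev)
{
    struct inet6_dev *idev = in6_dev_get_model(dev);
    return idev->seg6_enabled ? 1 : 0;
}

/* Fixed shape: 1 = process SRH, 0 = SRv6 disabled, -1 = drop (no IPv6 state). */
int srh_rcv_checked(struct net_device *dev)
{
    struct inet6_dev *idev = in6_dev_get_model(dev);
    if (!idev)
        return -1;
    return idev->seg6_enabled ? 1 : 0;
}
```

Both trigger conditions named in the advisory (MTU below `IPV6_MIN_MTU` and teardown on unregister) make `in6_dev_get_model()` return NULL; only the checked path survives them.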

Defensive priority

medium

Recommended defensive actions

  • Apply the latest stable kernel patches for affected versions (4.10.1–6.12.82, 6.13–6.19.9, and 7.0-rc series).
  • Verify kernel version and confirm patch presence via distribution security advisories.
  • Monitor systems for unexpected kernel panics or crashes on hosts processing SRv6 traffic.
  • Restrict untrusted local access where feasible, as exploitation requires local privileges per CVSS vector.

Evidence notes

CVE description confirms NULL pointer dereference in SRv6 paths. NVD CPE data specifies affected kernel version ranges. Multiple kernel.org stable commits tagged as patches. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H yields score 5.5 (MEDIUM). CWE-476 (NULL Pointer Dereference) assigned by NVD.
