PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53012 Linux CVE debrief

A vulnerability in the Linux kernel has been resolved. The issue involves the handling of IPv6 routes referencing IPv4 nexthops. When an IPv6 nexthop is replaced with an IPv4 nexthop, the has_v4 flag of all groups containing this nexthop is not updated, leading to a potential NULL pointer dereference. The fix involves calling nh_group_v4_update whenever the family changes, ensuring that the has_v4 flag is updated correctly. This change prevents IPv6 routes from being attached to groups that effectively contain only AF_INET members, which could cause a NULL pointer dereference during route lookups.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-24
Original CVE updated
2026-07-10
Advisory published
2026-06-24
Advisory updated
2026-07-10

Who should care

Linux kernel developers and maintainers, network administrators, and users of Linux-based systems should be aware of this vulnerability and ensure that their systems are updated with the latest kernel patches. They should also review system logs for potential issues and verify the update.

Technical summary

The vulnerability is caused by the failure to update the has_v4 flag of all groups containing a nexthop when it is replaced with an IPv4 nexthop. This can lead to IPv6 routes being attached to groups that effectively contain only AF_INET members, causing a NULL pointer dereference when route lookups are performed. The fix involves updating the has_v4 flag whenever the family changes, ensuring that IPv6 routes are not attached to groups with only AF_INET members.

Defensive priority

High

Recommended defensive actions

  • Update Linux kernel to the latest version
  • Review and apply kernel patches
  • Monitor system logs for potential issues
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The vulnerability was reported by syzbot and has been resolved by calling nh_group_v4_update whenever the family changes, not just AF_INET to AF_INET6. This change ensures that the has_v4 flag of all groups containing a nexthop is updated correctly, preventing a potential NULL pointer dereference. Linux kernel developers should verify the update and review system logs for potential issues. The fix addresses the issue by updating the has_v4 flag when replacing an IPv6 nexthop with an IPv4 nexthop, which prevents IPv6 routes from being attached to groups that effectively contain only AF_INET members.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T17:17:12.433Z and has not been modified since then.