PatchSiren cyber security CVE debrief
CVE-2026-53012 Linux CVE debrief
A vulnerability in the Linux kernel has been resolved. The issue involves the handling of IPv6 routes referencing IPv4 nexthops. When an IPv6 nexthop is replaced with an IPv4 nexthop, the has_v4 flag of all groups containing this nexthop is not updated, leading to a potential NULL pointer dereference. The fix involves calling nh_group_v4_update whenever the family changes, ensuring that the has_v4 flag is updated correctly. This change prevents IPv6 routes from being attached to groups that effectively contain only AF_INET members, which could cause a NULL pointer dereference during route lookups.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-24
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-06-24
- Advisory updated
- 2026-07-10
Who should care
Linux kernel developers and maintainers, network administrators, and users of Linux-based systems should be aware of this vulnerability and ensure that their systems are updated with the latest kernel patches. They should also review system logs for potential issues and verify the update.
Technical summary
The vulnerability is caused by the failure to update the has_v4 flag of all groups containing a nexthop when it is replaced with an IPv4 nexthop. This can lead to IPv6 routes being attached to groups that effectively contain only AF_INET members, causing a NULL pointer dereference when route lookups are performed. The fix involves updating the has_v4 flag whenever the family changes, ensuring that IPv6 routes are not attached to groups with only AF_INET members.
Defensive priority
High
Recommended defensive actions
- Update Linux kernel to the latest version
- Review and apply kernel patches
- Monitor system logs for potential issues
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability was reported by syzbot and has been resolved by calling nh_group_v4_update whenever the family changes, not just AF_INET to AF_INET6. This change ensures that the has_v4 flag of all groups containing a nexthop is updated correctly, preventing a potential NULL pointer dereference. Linux kernel developers should verify the update and review system logs for potential issues. The fix addresses the issue by updating the has_v4 flag when replacing an IPv6 nexthop with an IPv4 nexthop, which prevents IPv6 routes from being attached to groups that effectively contain only AF_INET members.
Official resources
-
CVE-2026-53012 CVE record
CVE.org
-
CVE-2026-53012 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T17:17:12.433Z and has not been modified since then.