Description
In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths

__in6_dev_get() can return NULL when the device has no IPv6 configuration
(e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).

Add NULL checks for idev returned by __in6_dev_get() in both
seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL
pointer dereferences.
Published: 2026-04-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Kernel Crash)
Action: Apply Update
AI Analysis

Impact

The Linux kernel’s IPv6 SRv6 packet handling code contained a null‑pointer dereference vulnerability. When __in6_dev_get() returns NULL—such as on a device without IPv6 configuration—the callers seg6_hmac_validate_skb() and ipv6_srh_rcv() failed to check the pointer. An attacker could send a malicious SRv6 packet or otherwise trigger this logic on a vulnerable interface, causing the kernel to crash and the host to reboot, which results in a denial‑of‑service for all services on the machine.
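The unchecked and checked call shapes described above, as a user-space C model added here for illustration; it is not the kernel's code or the upstream patch. The struct layouts, the `model_*` helpers, the `srh_rcv_*` names and the drop-on-NULL verdict are assumptions; `__in6_dev_get()`, `idev`, `IPV6_MIN_MTU` and the NULL condition come from the description.

```c
#include <stddef.h>
#include <stdio.h>

#define IPV6_MIN_MTU 1280 /* minimum IPv6 link MTU (RFC 8200) */

/* Simplified stand-ins for kernel structures; field layout is assumed. */
struct inet6_dev { int seg6_enabled; };
struct net_device { unsigned int mtu; struct inet6_dev *ip6_ptr; };

enum verdict { SRH_DROP = 0, SRH_ACCEPT = 1 };

/* Model of IPv6 setup: a device below the minimum MTU gets no idev. */
static void model_attach(struct net_device *dev, struct inet6_dev *idev)
{
    dev->ip6_ptr = (dev->mtu >= IPV6_MIN_MTU) ? idev : NULL;
}

/* Model of __in6_dev_get(): returns whatever is attached, possibly NULL. */
static struct inet6_dev *model_in6_dev_get(const struct net_device *dev)
{
    return dev->ip6_ptr;
}

/* Pre-fix shape (CWE-476): idev is used without a check. */
static enum verdict srh_rcv_unchecked(const struct net_device *dev)
{
    struct inet6_dev *idev = model_in6_dev_get(dev);
    return idev->seg6_enabled ? SRH_ACCEPT : SRH_DROP; /* faults on NULL */
}

/* Post-fix shape: NULL idev is handled; dropping is an assumed policy. */
static enum verdict srh_rcv_checked(const struct net_device *dev)
{
    struct inet6_dev *idev = model_in6_dev_get(dev);
    if (!idev)
        return SRH_DROP;
    return idev->seg6_enabled ? SRH_ACCEPT : SRH_DROP;
}

int main(void)
{
    struct inet6_dev cfg = { .seg6_enabled = 1 }; /* constructed sample */
    struct net_device ok = { .mtu = 1500 }, small = { .mtu = 1000 };
    model_attach(&ok, &cfg);
    model_attach(&small, &cfg);
    printf("mtu 1500, unchecked: %d\n", srh_rcv_unchecked(&ok));
    printf("mtu 1500, checked:   %d\n", srh_rcv_checked(&ok));
    printf("mtu 1000, checked:   %d\n", srh_rcv_checked(&small));
    return 0;
}
```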

Affected Systems

The flaw applies to any Linux kernel build that predates the commit adding the NULL‑check, including older 4.10 releases and all 7.0 release candidate kernels listed in the CPE data. All popular Linux distributions that ship those kernel versions are affected, regardless of vendor, because the patch is part of the upstream Linux kernel source.

Risk and Exploitability

The CVSS base score of 5.5 marks the vulnerability as moderate, while the EPSS score of <1% indicates a low probability of real‑world exploitation. The vulnerability is not flagged in the CISA KEV catalog. The likely attack vector is the delivery of a crafted SRv6 packet over the network; since the bug originates in packet handling logic, an attacker does not need local privileges. Successful exploitation would stop the node from servicing any traffic, but the impact is limited to a service interruption for the compromised machine.

Generated by OpenCVE AI on April 28, 2026 at 21:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel update that incorporates the commit adding NULL checks to SRv6 packet handling
  • Block or restrict SRv6 traffic on the affected interfaces using firewall rules (e.g., ip6tables or nftables) until the patch can be applied
  • If SRv6 functionality is not required, disable the SRv6 module or stack on the host to eliminate the vulnerability while awaiting a kernel update



Advisories
Source: Debian DSA
ID: DSA-6238-1
Title: linux security update
History

Mon, 27 Apr 2026 14:15:00 +0000


Thu, 23 Apr 2026 21:00:00 +0000

Type: CPEs
Values Added:
cpe:2.3:o:linux:linux_kernel:4.10:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Wed, 22 Apr 2026 12:45:00 +0000


Sat, 04 Apr 2026 01:15:00 +0000

Type: References

Type: Metrics
Values Removed: threat_severity None
Values Added: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}; threat_severity Moderate


Fri, 03 Apr 2026 21:30:00 +0000

Type: Weaknesses
Values Added: CWE-476

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER). Add NULL checks for idev returned by __in6_dev_get() in both seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL pointer dereferences.
Title ipv6: add NULL checks for idev in SRv6 paths
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:06:59.286Z

Reserved: 2026-01-13T15:37:46.018Z

Link: CVE-2026-23442

Vulnrichment

No data.

NVD

Status: Modified

Published: 2026-04-03T16:16:28.423

Modified: 2026-04-27T14:16:33.030

Link: CVE-2026-23442

Redhat

Severity: Moderate

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23442 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T22:00:14Z

Weaknesses