The Linux kernel contains a compatibility bug in SRv6 path handling where the function __in6_dev_get() can return NULL if a device lacks IPv6 configuration, such as when its MTU is below the minimum required value or after the device has been unregistered. In the current code, seg6_hmac_validate_skb() and ipv6_srh_rcv() use that value without checking for NULL, which can lead to a null‑pointer dereference during packet processing. The result of the dereference is a kernel panic that causes a system reboot or prolonged downtime, but it does not enable arbitrary code execution.

All Linux kernel releases that do not contain the patch adding NULL checks to __in6_dev_get() before it is used in SRv6 packet handling are affected. This includes every kernel version prior to the commit that introduced the change, and therefore any production system running an unpatched kernel. No specific vendor or product version list is available beyond the Linux kernel as a whole.

The CVSS score for this issue is not supplied, and there is no EPSS data or CISA KEV listing. While the advisory does not provide explicit proof of exploitation, it is reasonable to infer that an attacker who can send SRv6-enabled IPv6 packets to the target can trigger the vulnerable code paths. Successful exploitation would cause a kernel panic or crash, leading to a denial‑of‑service condition on the affected host. The vulnerability is therefore primarily a local or remote denial of service stemming from a NULL pointer dereference.