CVE-2026-23442 PUBLISHED

ipv6: add NULL checks for idev in SRv6 paths

Assigner: Linux
Reserved: 13.01.2026 Published: 03.04.2026 Updated: 03.04.2026

In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths

__in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU < IPV6_MIN_MTU or after NETDEV_UNREGISTER).

Add NULL checks for idev returned by __in6_dev_get() in both seg6_hmac_validate_skb() and ipv6_srh_rcv() to prevent potential NULL pointer dereferences.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 1ababeba4a21f3dba3da3523c670b207fb2feb62 to a25853c9feea7bbf31d157ff6e004d2d3b4f7f13 (excl.) affected from 1ababeba4a21f3dba3da3523c670b207fb2feb62 to 06413793526251870e20402c39930804f14d59c0 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 4.10 is affected unaffected from 0 to 4.10 (excl.) unaffected from 6.19.10 to 6.19.* (incl.) unaffected from 7.0-rc5 to * (incl.)

CVE-2026-23442 PUBLISHED

ipv6: add NULL checks for idev in SRv6 paths

Product Status

References