CVE-2026-43099
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
ipv4: icmp: fix null-ptr-deref in icmp_build_probe()
ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the
IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing
this error pointer to dev_hold() will cause a kernel crash with
null-ptr-deref.
Instead, silently discard the request. RFC 8335 does not appear to
define a specific response for the case where an IPv6 interface
identifier is syntactically valid but the implementation cannot perform
the lookup at runtime, and silently dropping the request may safer than
misreporting "No Such Interface".
ipv4: icmp: fix null-ptr-deref in icmp_build_probe()
ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the
IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing
this error pointer to dev_hold() will cause a kernel crash with
null-ptr-deref.
Instead, silently discard the request. RFC 8335 does not appear to
define a specific response for the case where an IPv6 interface
identifier is syntactically valid but the implementation cannot perform
the lookup at runtime, and silently dropping the request may safer than
misreporting "No Such Interface".
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-476
Source
NVD
Vendor
Linux
Product
Linux
External References
- https://git.kernel.org/stable/c/47a8bf52156ac7e7a581eca31c1f964ba4258d4d
- https://git.kernel.org/stable/c/5b9911582d441f72fe6ccb15ffe3303bbc07f6f5
- https://git.kernel.org/stable/c/6be325206850a0891896d38bcf83a09d8b54ec48
- https://git.kernel.org/stable/c/f91b3ed9e7fa82a70511b5f6901c88379acf2964
- https://git.kernel.org/stable/c/fde29fd9349327acc50d19a0b5f3d5a6c964dfd8
Discussion (0)
Add Comment
No comments yet. Be the first!