CVE-2026-23098

Source
https://cve.org/CVERecord?id=CVE-2026-23098
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23098.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23098
Published
2026-02-04T16:08:20.692Z
Modified
2026-03-20T12:47:23.288224Z
Summary
netrom: fix double-free in nr_route_frame()
Details

In the Linux kernel, the following vulnerability has been resolved:

netrom: fix double-free in nr_route_frame()

In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will free old_skb again, causing a double-free bug.

Therefore, to prevent this, we need to modify it to check whether nr_neigh->ax25 is NULL before freeing old_skb.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23098.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
25aab6bfc31017a7e52035b99aef5c2b6bde8ffb
Fixed
6e0110ea90313b7c0558a0b77038274a6821caf8
Fixed
7c48fdf2d1349bb54815b56fb012b9d577707708
Fixed
bd8955337e3764f912f49b360e176d8aaecf7016
Fixed
94d1a8bd08af1f4cc345c5c29f5db1ea72b8bb8c
Fixed
9f5fa78d9980fe75a69835521627ab7943cb3d67
Fixed
ba1096c315283ee3292765f6aea4cca15816c4f7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23098.json"