CVE-2026-23293

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23293
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23293.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23293
Downstream
Published
2026-03-25T10:26:51.160Z
Modified
2026-04-14T03:48:10.209306Z
Summary
net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
Details

In the Linux kernel, the following vulnerability has been resolved:

net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled

When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init() exits before ndiscinit() is called which initializes it. If an IPv6 packet is injected into the interface, routeshortcircuit() is called and a NULL pointer dereference happens on neigh_lookup().

BUG: kernel NULL pointer dereference, address: 0000000000000380 Oops: Oops: 0000 [#1] SMP NOPTI [...] RIP: 0010:neighlookup+0x20/0x270 [...] Call Trace: <TASK> vxlanxmit+0x638/0x1ef0 [vxlan] devhardstart_xmit+0x9e/0x2e0 __devqueuexmit+0xbee/0x14e0 packet_sendmsg+0x116f/0x1930 __sys_sendto+0x1f5/0x200 __x64syssendto+0x24/0x30 dosyscall64+0x12f/0x1590 entrySYSCALL64afterhwframe+0x76/0x7e

Fix this by adding an early check on routeshortcircuit() when protocol is ETHPIPV6. Note that ipv6mod_enabled() cannot be used here because VXLAN can be built-in even when IPv6 is built as a module.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23293.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e15a00aafa4b7953ad717d3cb1ad7acf4ff76945
Fixed
b5190fcd75a1f1785c766a8d1e44d3938e168f45
Fixed
5f93e6b4d12bd3a4517a6d447ea675f448f21434
Fixed
f0373e9317bc904e7bdb123d3106fe4f3cea2fb7
Fixed
fbbd2118982c55fb9b0a753ae0cf7194e77149fb
Fixed
abcd48ecdeb2e12eccb8339a35534c757782afcd
Fixed
168ff39e4758897d2eee4756977d036d52884c7e

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23293.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.12.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.77
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.17
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23293.json"