SB2026021684 - NULL pointer dereference in Linux kernel sctp
Published: February 16, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2026-23125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the sctp_sf_do_5_1C_ack() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0c4adb1f391a7b92a0405e9d7c05624c0d9f8a65
- https://git.kernel.org/stable/c/5a309bedf02ee08b0653215f06c94d61ec7a214a
- https://git.kernel.org/stable/c/784428ab1889eb185a1459e9d6bc52df33d572ef
- https://git.kernel.org/stable/c/a80c9d945aef55b23b54838334345f20251dad83
- https://git.kernel.org/stable/c/bf2b543b3cc4ebb4ab5bca4f8dfa5612035d45b8
- https://git.kernel.org/stable/c/e7e81abbcc5620c9532080538f9709a6ea382855
- https://git.kernel.org/stable/c/e94294798548e8cfbd80869e1d2f97efce92582c