SB2026032650 - NULL pointer dereference in Linux kernel ipv4
Published: March 26, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2026-23398)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the icmp_tag_validation function when handling ICMP Fragmentation Needed error messages with a quoted inner IP header containing an unregistered protocol number. A remote attacker can send a specially crafted ICMP packet to cause a kernel panic in softirq context.
Exploitation requires the target system to have ip_no_pmtu_disc set to 3 (hardened PMTU mode).
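The precondition above can be checked on a host, both in the running kernel and in persistent sysctl configuration. The script below is an added example, not part of the original bulletin or any vendor tooling; it reports only whether mode 3 is set, not whether the installed kernel carries the fix. The function names and the default paths in its last command are assumptions.

```sh
#!/bin/sh
# Added example: check a host for the precondition in this bulletin,
# net.ipv4.ip_no_pmtu_disc = 3. Paths are arguments so fixtures can be used;
# the default paths in the last command are assumptions about the host.

# Print the running value from the given proc file, or nothing if unreadable.
# The sysctl is per network namespace; this reads the caller's namespace only.
runtime_pmtu_mode() {
    if [ -r "$1" ]; then
        tr -d ' \t\n' < "$1"
    fi
}

# Print the last value assigned to ip_no_pmtu_disc across the given sysctl
# config files, in argument order (the caller approximates load order).
# Handles "#" and ";" comments, a leading "-" on the key, "/" key separators.
configured_pmtu_mode() {
    n=$#
    while [ "$n" -gt 0 ]; do          # keep only readable regular files
        f=$1; shift; n=$((n - 1))
        if [ -f "$f" ] && [ -r "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || return 0          # never let awk fall back to stdin
    awk -F= '
        /^[ \t]*[#;]/ { next }
        NF > 1 {
            key = $1
            gsub(/[ \t]/, "", key); sub(/^-/, "", key); gsub(/\//, ".", key)
            if (key == "net.ipv4.ip_no_pmtu_disc") {
                last = $2; gsub(/[ \t\r]/, "", last)
            }
        }
        END { if (last != "") print last }' "$@"
}

# "runtime": mode 3 is active now. "config-only": mode 3 is configured and
# applies at the next boot or sysctl reload. "not-set": neither.
exposure_status() {
    proc=$1; shift
    rt=$(runtime_pmtu_mode "$proc")
    cfg=$(configured_pmtu_mode "$@")
    if [ "$rt" = 3 ]; then echo runtime
    elif [ "$cfg" = 3 ]; then echo config-only
    else echo not-set
    fi
}

exposure_status /proc/sys/net/ipv4/ip_no_pmtu_disc \
    /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf
```

Run it inside each network namespace of interest (for example, inside a container), since the value is tracked per namespace.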
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1e4e2f5e48cec0cccaea9815fb9486c084ba41e2
- https://git.kernel.org/stable/c/1f9f2c6d4b2a613b7756fc5679c5116ba2ca0161
- https://git.kernel.org/stable/c/614aefe56af8e13331e50220c936fc0689cf5675
- https://git.kernel.org/stable/c/9647e99d2a617c355d2b378be0ff6d0e848fd579
- https://git.kernel.org/stable/c/b61529c357f1ee4d64836eb142a542d2e7ad67ce
- https://git.kernel.org/stable/c/d938dd5a0ad780c891ea3bc94cae7405f11e618a