NULL pointer dereference in Linux kernel - CVE-2026-53012
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability is a NULL pointer dereference in the IPv6 route handling of the nexthop subsystem. It is triggered when an IPv6 nexthop is replaced with an IPv4 nexthop and route lookups are then performed. A local user can replace a nexthop with one of a different address family and add an IPv6 route referencing the affected group to cause a denial of service.
How to mitigate CVE-2026-53012
Sources
- https://git.kernel.org/stable/c/29c95185ba32b621fbc3800fb86e7dc3edf5c2be
- https://git.kernel.org/stable/c/613c8f4a501421dd258b07ea614205d4e16ec845
- https://git.kernel.org/stable/c/6275796f22bb382f3e9aa58ed0b4ef7bdad78cb8
- https://git.kernel.org/stable/c/9c2d6770a5f4545a307eb66979bef7656a34d621
- https://git.kernel.org/stable/c/aaac3bed034239e1d75732211d9b05f30b0b4f35
- https://git.kernel.org/stable/c/ad85961004fd4bd2f31209ac4b07612c6cefb9e7
- https://git.kernel.org/stable/c/b3b7e850e1541f0520c4a12ec884255c30427ff6
- https://git.kernel.org/stable/c/ceffe81a0be92afc0cd1340bc8ca46559cce9bb4