Double-Free Vulnerability in Linux Kernel Network Routing
CVE-2026-23098

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 February 2026

What is CVE-2026-23098?

A vulnerability in the Linux kernel's network routing code was identified, where a double-free error can occur within the nr_route_frame() function. This issue arises when the function attempts to free an object (old_skb) without verifying if the associated pointer (nr_neigh->ax25) is set to NULL. If this pointer is NULL, the system can inadvertently attempt to free the same memory location again, which may lead to unexpected behavior or system instability. A modification has been implemented to ensure that the pointer is checked before freeing the memory, mitigating the potential for this double-free vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 25aab6bfc31017a7e52035b99aef5c2b6bde8ffb

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6e0110ea90313b7c0558a0b77038274a6821caf8

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7c48fdf2d1349bb54815b56fb012b9d577707708

References

https://git.kernel.org/stable/c/25aab6bfc31017a7e52035b99...
https://git.kernel.org/stable/c/6e0110ea90313b7c0558a0b77...
https://git.kernel.org/stable/c/7c48fdf2d1349bb54815b56fb...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.