NULL Pointer Dereference in Linux Kernel's Bridge Functionality
CVE-2026-23381

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
25 March 2026

What is CVE-2026-23381?

A vulnerability exists in the Linux Kernel's bridge component when IPv6 is disabled. If the 'ipv6.disable=1' option is used at boot, the necessary initialization for the Neighbor Discovery table is skipped, leading to a potential NULL pointer dereference when processing ICMPv6 Neighbor Discovery packets. This occurs specifically in situations where Neighbor Suppression is enabled. The vulnerability can result in kernel crashes, undermining system stability and security. Developers have addressed this issue by ensuring that Neighbor Solicitation/Advertisement suppression is disabled when IPv6 is not enabled.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux ed842faeb2bd49256f00485402f3113205f91d30 < 7a894eb5de246d79f13105c55a67381039a24d44

Linux ed842faeb2bd49256f00485402f3113205f91d30

Linux ed842faeb2bd49256f00485402f3113205f91d30

References

https://git.kernel.org/stable/c/7a894eb5de246d79f13105c55...
https://git.kernel.org/stable/c/a12cdaa3375f0bd3c8f4e564b...
https://git.kernel.org/stable/c/aa73deb3b6b730ec280d45b3f...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.