Linux Kernel Vulnerability Affecting IPv6 Implementation
CVE-2026-43101
What is CVE-2026-43101?
This vulnerability is in the Linux kernel's IPv6 implementation and involves potential NULL dereferences in the code that fills IOAM (In-situ Operations, Administration, and Maintenance) trace data. The value returned by __in6_dev_get() was not checked for NULL before being used, which can lead to unexpected behavior or crashes in the system. The resolution adds checks to ensure that the device pointer is not NULL, improving the stability and security of the IPv6 stack. The fix also uses skb_dst_dev_rcu() in place of skb_dst_dev() to improve data handling, and adds missing READ_ONCE() operations to ensure memory safety. Together, these changes keep the Linux kernel's IPv6 implementation robust and secure against exploit attempts.
Affected Version(s)
Linux 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0 < 4198aab6f000b4febb18ea820fea20634dd789c7
Linux 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0 < 3719c234fa94c37c955b1ecd3742ef280ec135e6
Linux 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0 < 4e65a8b8daa18d63255ec58964dd192c7fdd9f8b
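To check a kernel source tree against the list above, the following added example (not part of the advisory) tests commit ancestry with git. It assumes each line reads as "introduced by the first commit, fixed by the second"; the function name and status strings are made up here.

```shell
#!/bin/sh
# Added example, not from the advisory. Commit ids are copied from the
# "Affected Version(s)" list; function and status names are hypothetical.
INTRODUCED=9ee11f0fff205b4b3df9750bff5e94f97c71b6a0
FIXES="4198aab6f000b4febb18ea820fea20634dd789c7
3719c234fa94c37c955b1ecd3742ef280ec135e6
4e65a8b8daa18d63255ec58964dd192c7fdd9f8b"

# ioam_trace_status REPO REF [INTRODUCED [FIXES]]
# Prints one of: not-affected | affected | fixed | unknown
ioam_trace_status() {
    repo=$1 ref=$2 intro=${3:-$INTRODUCED} fixes=${4:-$FIXES}

    # Ancestry answers are unreliable in a shallow clone (or outside a repo).
    [ "$(git -C "$repo" rev-parse --is-shallow-repository 2>/dev/null)" = false ] ||
        { echo unknown; return 0; }
    # The ref must resolve to a commit in this clone.
    git -C "$repo" rev-parse -q --verify "$ref^{commit}" >/dev/null 2>&1 ||
        { echo unknown; return 0; }
    # Without the introducing commit object this is not a usable kernel history.
    git -C "$repo" cat-file -e "$intro^{commit}" 2>/dev/null ||
        { echo unknown; return 0; }
    # History that never picked up the introducing commit is outside the range.
    git -C "$repo" merge-base --is-ancestor "$intro" "$ref" ||
        { echo not-affected; return 0; }
    for fix in $fixes; do
        # A fix that lives on another stable branch may be absent here; skip it.
        git -C "$repo" cat-file -e "$fix^{commit}" 2>/dev/null || continue
        if git -C "$repo" merge-base --is-ancestor "$fix" "$ref"; then
            echo fixed; return 0
        fi
    done
    echo affected
}

# Script usage: sh check.sh /path/to/linux <tag-or-commit>
if [ "$#" -ge 2 ]; then
    ioam_trace_status "$@"
fi
```

A tree that carries the fix under a different commit id (for example a distribution backport) is reported as affected, so confirm such cases against the vendor's changelog.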