Network Device Vulnerability in Linux Kernel by Linux Foundation
CVE-2026-52925

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52925?

A vulnerability in the network device management of the Linux Kernel can lead to a null pointer dereference (NPD) under certain conditions. When a port is removed from a Virtual Routing and Forwarding (VRF) instance, assumptions made by RCU (Read-Copy-Update) readers could be violated, resulting in potential crashes or unpredictable behavior. This occurs when a reader that identifies a net device as a VRF port continues operations assuming the VRF device will remain constant, which isn't guaranteed during removal operations. The vulnerability has been addressed by introducing proper RCU synchronization protocols to ensure that the system behavior remains stable when ports are dynamically altered.

Affected Version(s)

Linux fdeea7be88b12742bfd50d9e19a06c0d2e702400 < 2c022f582fd16a470df6ed9e7fb7e9fc48946d49

Linux fdeea7be88b12742bfd50d9e19a06c0d2e702400 < 4ab6fc60ed5a0344b60711b09bff1dc238d8d6a4

Linux fdeea7be88b12742bfd50d9e19a06c0d2e702400 < 468defa0b70902a22f4478c1207624bc1b31c124

References

https://git.kernel.org/stable/c/2c022f582fd16a470df6ed9e7...

https://git.kernel.org/stable/c/4ab6fc60ed5a0344b60711b09...

https://git.kernel.org/stable/c/468defa0b70902a22f4478c12...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52925 Data

JSON