CVE-2026-23293 is a Linux kernel vulnerability affecting VXLAN networking when the system boots with IPv6 disabled via the ipv6.disable=1 kernel parameter. In this configuration, injecting an IPv6 packet into a VXLAN interface triggers a NULL pointer dereference in the route_shortcircuit() function, leading to a kernel crash. The root cause is that the IPv6 neighbor table is never initialized, so the code path reaches neigh_lookup() with a NULL pointer. The upstream fix adds an early check for ETH_P_IPV6 in route_shortcircuit() to prevent this. Microsoft's Security Update Guide confirms the issue is tied to VXLAN and IPv6-disabled boot configurations. As of the latest discussions, NVD has not yet assigned a CVSS score.
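A host-side check for the two preconditions described above (boot with ipv6.disable=1 and a VXLAN interface present), added here as an example; it is not code from the original page or from the kernel project. The function names and result labels are assumptions made for illustration, and the script reports configuration only, not whether the running kernel carries the upstream fix.

```shell
#!/bin/sh
# Added example: precondition check for CVE-2026-23293 as described on this page.
# Function names and result labels are illustrative assumptions.

# Return 0 if the kernel command line (passed as $1) has the exact
# token ipv6.disable=1; ipv6.disable=0 or ipv6.disable=10 do not match.
ipv6_disabled_at_boot() {
    case " $1 " in
        *" ipv6.disable=1 "*) return 0 ;;
    esac
    return 1
}

# Read `ip -o link show type vxlan` output on stdin and print one
# interface name per line (strips the trailing ':' and any '@lower' suffix).
vxlan_names() {
    awk '{ n = $2; sub(/:$/, "", n); sub(/@.*/, "", n); if (n != "") print n }'
}

# Classify a host from its command line ($1) and VXLAN listing ($2).
# Prints one of:
#   ipv6-enabled                  IPv6 was not disabled at boot
#   ipv6-disabled-no-vxlan        IPv6 disabled, no VXLAN interface found
#   preconditions-met: a,b        IPv6 disabled and VXLAN interfaces a,b exist
classify() {
    names=$(printf '%s\n' "$2" | vxlan_names)
    if ! ipv6_disabled_at_boot "$1"; then
        echo "ipv6-enabled"
    elif [ -n "$names" ]; then
        # $names is intentionally unquoted so newlines collapse to spaces.
        echo "preconditions-met: $(echo $names | tr ' ' ',')"
    else
        echo "ipv6-disabled-no-vxlan"
    fi
}

# Live check against the local host; call this on the machine being assessed.
check_host() {
    classify "$(cat /proc/cmdline)" "$(ip -o link show type vxlan 2>/dev/null)"
}
```

Source the file and run `check_host` on each machine; a `preconditions-met` result marks the hosts to prioritize for the kernel update.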
When Linux boots with ipv6.disable=1, a narrow but important networking assumption can collapse in the VXLAN transmit path, producing a kernel NULL pointer dereference when an IPv6 packet is injected into the interface. The upstream fix for CVE-2026-23293 adds an early guard in...