HIGHCVE-2026-43101Published Modified CNA Linux
CVE-2026-43101: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian. Also add skb_dst_dev_rcu() instead of skb_dst_dev(), and two missing READ_ONCE(). Note that @dev can't be NULL.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
03719c234fa94c37c955b1ecd3742ef280ec135e64198aab6f000b4febb18ea820fea20634dd789c74e65a8b8daa18d63255ec58964dd192c7fdd9f8b6.18.246.19.147.0
Affected packages
- Linux / Linux< 4198aab6f000b4febb18ea820fea20634dd789c7 (from 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0) · < 3719c234fa94c37c955b1ecd3742ef280ec135e6 (from 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0) · < 4e65a8b8daa18d63255ec58964dd192c7fdd9f8b (from 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0)
- Linux / Linux5.15Fixed in 0, 6.18.24, 6.19.14, 7.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H