CVE Catalog

CVE-2026-23293

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability in the Linux kernel's VXLAN driver causes a NULL pointer dereference in the IPv6 neighbor table (nd_tbl) when booting with the 'ipv6.disable=1' parameter. An attacker can send a crafted IPv6 packet to a VXLAN interface, triggering route_shortcircuit() and leading to a kernel Oops and potential system crash.

Risk Assessment

The organization is at risk of a remote Denial of Service (DoS) attack by sending an IPv6 packet to a VXLAN interface, which can crash the kernel and disrupt network services.

Recommendation

Apply the Linux kernel patch containing the fix for CVE-2026-23293 immediately. If not possible, temporarily disable VXLAN support or restrict access to VXLAN interfaces to trusted networks only.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which initializes it. If an IPv6 packet is injected into the interface, route_shortcircuit() is called and a NULL pointer dereference happens on neigh_lookup(). BUG: kernel NULL pointer dereference, address: 0000000000000380 Oops: Oops: 0000 [#1] SMP NOPTI [...] RIP: 0010:neigh_lookup+0x20/0x270 [...] Call Trace: <TASK> vxlan_xmit+0x638/0x1ef0 [vxlan] dev_hard_start_xmit+0x9e/0x2e0 __dev_queue_xmit+0xbee/0x14e0 packet_sendmsg+0x116f/0x1930 __sys_sendto+0x1f5/0x200 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x12f/0x1590 entry_SYSCALL_64_after_hwframe+0x76/0x7e Fix this by adding an early check on route_shortcircuit() when protocol is ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because VXLAN can be built-in even when IPv6 is built as a module.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS