net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-23293
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-03-25 11:16:24 UTC
Updated2026-04-18 09:16:17 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which initializes it. If an IPv6 packet is injected into the interface, route_shortcircuit() is called and a NULL pointer dereference happens on neigh_lookup(). BUG: kernel NULL pointer dereference, address: 0000000000000380 Oops: Oops: 0000 [#1] SMP NOPTI [...] RIP: 0010:neigh_lookup+0x20/0x270 [...] Call Trace: <TASK> vxlan_xmit+0x638/0x1ef0 [vxlan] dev_hard_start_xmit+0x9e/0x2e0 __dev_queue_xmit+0xbee/0x14e0 packet_sendmsg+0x116f/0x1930 __sys_sendto+0x1f5/0x200 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x12f/0x1590 entry_SYSCALL_64_after_hwframe+0x76/0x7e Fix this by adding an early check on route_shortcircuit() when protocol is ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because VXLAN can be built-in even when IPv6 is built as a module.

Risk And Classification

EPSS: 0.000320000 probability, percentile 0.090980000 (date 2026-04-18)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected e15a00aafa4b7953ad717d3cb1ad7acf4ff76945 649e2bb74da54c96cf20729001e283626a2fefa0 git Not specified
CNA Linux Linux affected e15a00aafa4b7953ad717d3cb1ad7acf4ff76945 dc3e62cf3bbf66280a907ec379f373d0c3b8b2bc git Not specified
CNA Linux Linux affected e15a00aafa4b7953ad717d3cb1ad7acf4ff76945 b5190fcd75a1f1785c766a8d1e44d3938e168f45 git Not specified
CNA Linux Linux affected e15a00aafa4b7953ad717d3cb1ad7acf4ff76945 5f93e6b4d12bd3a4517a6d447ea675f448f21434 git Not specified
CNA Linux Linux affected e15a00aafa4b7953ad717d3cb1ad7acf4ff76945 f0373e9317bc904e7bdb123d3106fe4f3cea2fb7 git Not specified
CNA Linux Linux affected e15a00aafa4b7953ad717d3cb1ad7acf4ff76945 fbbd2118982c55fb9b0a753ae0cf7194e77149fb git Not specified
CNA Linux Linux affected e15a00aafa4b7953ad717d3cb1ad7acf4ff76945 abcd48ecdeb2e12eccb8339a35534c757782afcd git Not specified
CNA Linux Linux affected e15a00aafa4b7953ad717d3cb1ad7acf4ff76945 168ff39e4758897d2eee4756977d036d52884c7e git Not specified
CNA Linux Linux affected 3.12 Not specified
CNA Linux Linux unaffected 3.12 semver Not specified
CNA Linux Linux unaffected 5.10.253 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.203 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.167 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.130 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.77 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.17 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.7 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/5f93e6b4d12bd3a4517a6d447ea675f448f21434 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/649e2bb74da54c96cf20729001e283626a2fefa0 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/168ff39e4758897d2eee4756977d036d52884c7e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/fbbd2118982c55fb9b0a753ae0cf7194e77149fb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/f0373e9317bc904e7bdb123d3106fe4f3cea2fb7 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/dc3e62cf3bbf66280a907ec379f373d0c3b8b2bc 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/b5190fcd75a1f1785c766a8d1e44d3938e168f45 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/abcd48ecdeb2e12eccb8339a35534c757782afcd 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report