CVE-2026-43099
7.5 HIGHIn the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv...
Published: 2026-05-06 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-476
Affected products
| Vendor | Product |
|---|---|
| linux | linux_kernel |
Description
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing this error pointer to dev_hold() will cause a kernel crash with null-ptr-deref. Instead, silently discard the request. RFC 8335 does not appear to define a specific response for the case where an IPv6 interface identifier is syntactically valid but the implementation cannot perform the lookup at runtime, and silently dropping the request may safer than misreporting "No Such Interface".
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-43099
- [Other]https://git.kernel.org/stable/c/0f21bc261e60f0c696c58841c4873ff77ed83673
- [Patch]https://git.kernel.org/stable/c/47a8bf52156ac7e7a581eca31c1f964ba4258d4d
- [Patch]https://git.kernel.org/stable/c/5b9911582d441f72fe6ccb15ffe3303bbc07f6f5
- [Patch]https://git.kernel.org/stable/c/6be325206850a0891896d38bcf83a09d8b54ec48
- [Other]https://git.kernel.org/stable/c/dc5db4db19766a61ad65d81d1f55b1c1e51ba78d
- [Patch]https://git.kernel.org/stable/c/f91b3ed9e7fa82a70511b5f6901c88379acf2964
- [Patch]https://git.kernel.org/stable/c/fde29fd9349327acc50d19a0b5f3d5a6c964dfd8
Related CVEs
Same vendor
- CVE-2026-46273 — In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapt... (8.6 HIGH)
- CVE-2026-46272 — In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode ... (4.7 MEDIUM)
- CVE-2026-46271 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi... (7.8 HIGH)
- CVE-2026-46270 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() ... (8.4 HIGH)
- CVE-2026-46269 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing dev... (5.5 MEDIUM)
Same CWE
- CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
- CVE-2025-70102 — A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options (6.3 MEDIUM)
- CVE-2025-55663 — A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Den... (5.5 MEDIUM)
- CVE-2025-55649 — A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a De... (5.5 MEDIUM)
- CVE-2025-55643 — A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Den... (5.5 MEDIUM)