CVE-2026-43099
HIGH EPSS 38.4%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing this error pointer to dev_hold() will cause a kernel crash with null-ptr-deref. Instead, silently discard the request. RFC 8335 does not appear to define a specific response for the case where an IPv6 interface identifier is syntactically valid but the implementation cannot perform the lookup at runtime, and silently dropping the request may safer than misreporting "No Such Interface".
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
38.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥5.13 – <6.6.136 |
| linux | linux_kernel | * | ≥6.7 – <6.12.83 |
| linux | linux_kernel | * | ≥6.13 – <6.18.24 |
| linux | linux_kernel | * | ≥6.19 – <6.19.14 |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
References 7
- git.kernel.org https://git.kernel.org/stable/c/0f21bc261e60f0c696c58841c4873ff77ed83673
- git.kernel.org https://git.kernel.org/stable/c/47a8bf52156ac7e7a581eca31c1f964ba4258d4d
- git.kernel.org https://git.kernel.org/stable/c/5b9911582d441f72fe6ccb15ffe3303bbc07f6f5
- git.kernel.org https://git.kernel.org/stable/c/6be325206850a0891896d38bcf83a09d8b54ec48
- git.kernel.org https://git.kernel.org/stable/c/dc5db4db19766a61ad65d81d1f55b1c1e51ba78d
- git.kernel.org https://git.kernel.org/stable/c/f91b3ed9e7fa82a70511b5f6901c88379acf2964
- git.kernel.org https://git.kernel.org/stable/c/fde29fd9349327acc50d19a0b5f3d5a6c964dfd8
Remediation
- git.kernel.org https://git.kernel.org/stable/c/47a8bf52156ac7e7a581eca31c1f964ba4258d4d
- git.kernel.org https://git.kernel.org/stable/c/5b9911582d441f72fe6ccb15ffe3303bbc07f6f5
- git.kernel.org https://git.kernel.org/stable/c/6be325206850a0891896d38bcf83a09d8b54ec48
- git.kernel.org https://git.kernel.org/stable/c/f91b3ed9e7fa82a70511b5f6901c88379acf2964
- git.kernel.org https://git.kernel.org/stable/c/fde29fd9349327acc50d19a0b5f3d5a6c964dfd8