CVE-2026-23398
In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_dereference(inet_protos[proto]) without checking for NULL. The inet_protos[] array is sparse -- only about 15 of 256 protocol numbers have registered handlers. When ip_no_pmtu_disc is set to 3 (hardened PMTU mode) and the kernel receives an ICMP Fragmentation Needed error with a quoted inner IP header containing an unregistered protocol number, the NULL dereference causes a kernel panic in softirq context. Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] RIP: 0010:icmp_unreach (net/ipv4/icmp.c:1085 net/ipv4/icmp.c:1143) Call Trace: <IRQ> icmp_rcv (net/ipv4/icmp.c:1527) ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207) ip_local_deliver_finish (net/ipv4/ip_input.c:242) ip_local_deliver (net/ipv4/ip_input.c:262) ip_rcv (net/ipv4/ip_input.c:573) __netif_receive_skb_one_core (net/core/dev.c:6164) process_backlog (net/core/dev.c:6628) handle_softirqs (kernel/softirq.c:561) </IRQ> Add a NULL check before accessing icmp_strict_tag_validation. If the protocol has no registered handler, return false since it cannot perform strict tag validation.
EPSS 0.03% · 9.5th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | *, 6.1.167, 6.6.130 |
| linux | linux_kernel | 3.14, 3.14, 3.14 |
Timeline
- Mar 26, 2026 CVE Published
- Mar 27, 2026 Coalition ESS Score
- Mar 29, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
- Mar 31, 2026 Security Advisory
References
- https://git.kernel.org/stable/c/1f9f2c6d4b2a613b7756fc5679c5116ba2ca0161 url
- https://git.kernel.org/stable/c/b61529c357f1ee4d64836eb142a542d2e7ad67ce url
- https://git.kernel.org/stable/c/9647e99d2a617c355d2b378be0ff6d0e848fd579 url
- https://git.kernel.org/stable/c/d938dd5a0ad780c891ea3bc94cae7405f11e618a url
- https://git.kernel.org/stable/c/1e4e2f5e48cec0cccaea9815fb9486c084ba41e2 url
- https://git.kernel.org/stable/c/614aefe56af8e13331e50220c936fc0689cf5675 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-23398 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32748 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4438 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23347 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23268 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23392 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23319 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23253 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23296 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23364 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23368 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27654 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-30922 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23286 advisory
…and 213 more