CVE-2026-43101 — Vulnetix

CVE-2026-43101 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value, as suggested by Yiming Qian. Also add skb_dst_dev_rcu() instead of skb_dst_dev(), and two missing READ_ONCE(). Note that @dev can't be NULL.

EPSS 0.06% · 18.3th percentile

Risk Scores

EPSS Score

0.06%

18.3th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	*, 6.19.14, 7.0
linux	linux_kernel	5.15, 5.15, 5.15

Timeline

May 6, 2026 CVE Published
May 6, 2026 Security Advisory
May 11, 2026 CVE Updated
May 18, 2026 EPSS Score
May 19, 2026 EPSS Score
May 20, 2026 EPSS Score
May 21, 2026 EPSS Score
May 22, 2026 EPSS Score
May 23, 2026 EPSS Score
May 24, 2026 EPSS Score
May 25, 2026 EPSS Score
May 26, 2026 EPSS Score

References

https://git.kernel.org/stable/c/4198aab6f000b4febb18ea820fea20634dd789c7 url
https://git.kernel.org/stable/c/3719c234fa94c37c955b1ecd3742ef280ec135e6 url
https://git.kernel.org/stable/c/4e65a8b8daa18d63255ec58964dd192c7fdd9f8b url
https://nvd.nist.gov/vuln/detail/CVE-2026-43101 advisory

Open in Interactive Console →