← Back

CVE-2026-23098

nvd nist
Published: Feb 4, 2026Modified: Apr 3, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will free old_skb again, causing a double-free bug. Therefore, to prevent this, we need to modify it to check whether nr_neigh->ax25 is NULL before freeing old_skb.

Affected (17)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 2.6.12.1 to 5.10.249
Linux Kernel
From 5.11 to 5.15.199
Linux Kernel
From 5.16 to 6.1.162
Linux Kernel
From 6.13 to 6.18.8
Linux Kernel
From 6.2 to 6.6.122
Linux Kernel
From 6.7 to 6.12.68
Linux Kernel
Version 2.6.12
Linux Kernel
Version 2.6.12 rc2
Linux Kernel
Version 2.6.12 rc3
Linux Kernel
Version 2.6.12 rc4
Linux Kernel
Version 2.6.12 rc5
Linux Kernel
Version 6.19 rc1
Linux Kernel
Version 6.19 rc2
Linux Kernel
Version 6.19 rc3
Linux Kernel
Version 6.19 rc4
Linux Kernel
Version 6.19 rc5
Linux Kernel
Version 6.19 rc6

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (7)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.