Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-23398— icmp: fix NULL pointer dereference in icmp_tag_validation()

AI Predicted 7.5 Difficulty: Moderate EPSS 0.12% · P2

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinux8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e< 571d9d7b650f02d1e38c01128817868bceac9eddaffected
8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e< d783fa413c702ff0f8f8bea63f862e28eeaf39e3affected
8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e< 1f9f2c6d4b2a613b7756fc5679c5116ba2ca0161affected
8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e< b61529c357f1ee4d64836eb142a542d2e7ad67ceaffected
8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e< 9647e99d2a617c355d2b378be0ff6d0e848fd579affected
8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e< d938dd5a0ad780c891ea3bc94cae7405f11e618aaffected
8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e< 1e4e2f5e48cec0cccaea9815fb9486c084ba41e2affected
8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e< 614aefe56af8e13331e50220c936fc0689cf5675affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-23398

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
icmp: fix NULL pointer dereference in icmp_tag_validation()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_dereference(inet_protos[proto]) without checking for NULL. The inet_protos[] array is sparse -- only about 15 of 256 protocol numbers have registered handlers. When ip_no_pmtu_disc is set to 3 (hardened PMTU mode) and the kernel receives an ICMP Fragmentation Needed error with a quoted inner IP header containing an unregistered protocol number, the NULL dereference causes a kernel panic in softirq context. Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] RIP: 0010:icmp_unreach (net/ipv4/icmp.c:1085 net/ipv4/icmp.c:1143) Call Trace: <IRQ> icmp_rcv (net/ipv4/icmp.c:1527) ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207) ip_local_deliver_finish (net/ipv4/ip_input.c:242) ip_local_deliver (net/ipv4/ip_input.c:262) ip_rcv (net/ipv4/ip_input.c:573) __netif_receive_skb_one_core (net/core/dev.c:6164) process_backlog (net/core/dev.c:6628) handle_softirqs (kernel/softirq.c:561) </IRQ> Add a NULL check before accessing icmp_strict_tag_validation. If the protocol has no registered handler, return false since it cannot perform strict tag validation.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于icmp_tag_validation函数无条件解引用空指针,可能导致内核崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e ~ 571d9d7b650f02d1e38c01128817868bceac9edd -
LinuxLinux 3.14 -

II. Public POCs for CVE-2026-23398

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-23398

登录查看更多情报信息。

Patches & Fixes for CVE-2026-23398 (6)

Same Patch Batch · Linux · 2026-03-26 · 3 CVEs total

CVE-2026-23397nfnetlink_osf: validate individual option lengths in fingerprints
CVE-2026-23396wifi: mac80211: fix NULL deref in mesh_matches_local()

IV. Related Vulnerabilities

V. Comments for CVE-2026-23398

No comments yet


Leave a comment