
CVE-2026-23381

Published: March 25, 2026 · Updated: Mar 25, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 6.5th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled

When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which initializes it. Then, if neigh_suppress is enabled and an ICMPv6 Neighbor Discovery packet reaches the bridge, br_do_suppress_nd() will dereference ipv6_stub->nd_tbl which is NULL, passing it to neigh_lookup(). This causes a kernel NULL pointer dereference.

    BUG: kernel NULL pointer dereference, address: 0000000000000268
    Oops: 0000 [#1] PREEMPT SMP NOPTI
    [...]
    RIP: 0010:neigh_lookup+0x16/0xe0
    [...]
    Call Trace:
    <IRQ>
    ? neigh_lookup+0x16/0xe0
    br_do_suppress_nd+0x160/0x290 [bridge]
    br_handle_frame_finish+0x500/0x620 [bridge]
    br_handle_frame+0x353/0x440 [bridge]
    __netif_receive_skb_core.constprop.0+0x298/0x1110
    __netif_receive_skb_one_core+0x3d/0xa0
    process_backlog+0xa0/0x140
    __napi_poll+0x2c/0x170
    net_rx_action+0x2c4/0x3a0
    handle_softirqs+0xd0/0x270
    do_softirq+0x3f/0x60

Fix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in the callers. This is in essence disabling NS/NA suppression when IPv6 is disabled.

NVD Source
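
The two preconditions named in the description (IPv6 disabled with 'ipv6.disable=1', and neigh_suppress enabled on a bridge port) can be read from sysfs on a host. The shell script below is an added example, not code from the kernel patch or from NVD; the SYSFS_ROOT and CMDLINE_FILE overrides are hypothetical knobs for running it against a constructed tree, and it reads only the port-level flag in /sys/class/net/<port>/brport/neigh_suppress.

```shell
#!/bin/sh
# Added example: do this host's settings match the preconditions in the
# CVE-2026-23381 description? It does not test whether the kernel is patched.
# SYSFS_ROOT and CMDLINE_FILE are hypothetical overrides for offline testing.

# Succeeds when IPv6 was disabled at boot with ipv6.disable=1.
ipv6_disabled_at_boot() {
    param="${SYSFS_ROOT:-/sys}/module/ipv6/parameters/disable"
    if [ -r "$param" ]; then
        [ "$(cat "$param")" = "1" ]
    else
        # Module parameter not visible: fall back to the boot command line.
        grep -qw 'ipv6\.disable=1' "${CMDLINE_FILE:-/proc/cmdline}" 2>/dev/null
    fi
}

# Prints every bridge port whose port-level neigh_suppress flag is 1.
suppressing_ports() {
    for f in "${SYSFS_ROOT:-/sys}"/class/net/*/brport/neigh_suppress; do
        [ -r "$f" ] || continue          # unmatched glob or unreadable file
        if [ "$(cat "$f")" = "1" ]; then
            port=${f%/brport/neigh_suppress}
            echo "${port##*/}"
        fi
    done
}

# Returns 1 (and names the ports) only when both preconditions hold.
check_exposure() {
    if ! ipv6_disabled_at_boot; then
        echo "preconditions not met: IPv6 is not disabled at boot"
        return 0
    fi
    ports=$(suppressing_ports)
    if [ -z "$ports" ]; then
        echo "preconditions not met: no bridge port has neigh_suppress set"
        return 0
    fi
    echo "preconditions met, neigh_suppress ports:" $ports
    return 1
}

# Run against the live system only when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_exposure
fi
```

A non-zero exit from check_exposure marks a host to prioritise for the patched kernel.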

Technical Analysis

CVE-2026-23381 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time
Always verify in a controlled environment before use.


Quick Facts

CVE ID: CVE-2026-23381
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Mar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23381 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.