Description

In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will free old_skb again, causing a double-free bug. Therefore, to prevent this, we need to modify it to check whether nr_neigh->ax25 is NULL before freeing old_skb.

INFO

Published Date :

2026-02-04T16:08:20.692Z

Last Modified :

2026-04-03T13:31:55.725Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23098 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23098.

URL Resource
https://git.kernel.org/stable/c/25aab6bfc31017a7e52035b99aef5c2b6bde8ffb cve-icon cve-icon
https://git.kernel.org/stable/c/6e0110ea90313b7c0558a0b77038274a6821caf8 cve-icon cve-icon
https://git.kernel.org/stable/c/7c48fdf2d1349bb54815b56fb012b9d577707708 cve-icon cve-icon
https://git.kernel.org/stable/c/94d1a8bd08af1f4cc345c5c29f5db1ea72b8bb8c cve-icon cve-icon
https://git.kernel.org/stable/c/9f5fa78d9980fe75a69835521627ab7943cb3d67 cve-icon cve-icon
https://git.kernel.org/stable/c/ba1096c315283ee3292765f6aea4cca15816c4f7 cve-icon cve-icon
https://git.kernel.org/stable/c/bd8955337e3764f912f49b360e176d8aaecf7016 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026020427-CVE-2026-23098-1fd2@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23098 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23098 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact