Vulnerability-Lookup

CVE-2026-45846 (GCVE-0-2026-45846)

Vulnerability from cvelistv5 – Published: 2026-05-27 09:24 – Updated: 2026-05-27 09:24

Title

bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()

Summary

In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. The socket is only created in bareudp_open() and NULLed in bareudp_stop(), so calling this function while the device is down triggers a NULL dereference via sock->sk. BUG: kernel NULL pointer dereference, address: 0000000000000018 RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160) Call Trace: <TASK> bareudp_fill_metadata_dst (drivers/net/bareudp.c:532) do_execute_actions (net/openvswitch/actions.c:901) ovs_execute_actions (net/openvswitch/actions.c:1589) ovs_packet_cmd_execute (net/openvswitch/datapath.c:700) genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114) genl_rcv_msg (net/netlink/genetlink.c:1209) netlink_rcv_skb (net/netlink/af_netlink.c:2550) </TASK> Add a NULL check returning -ESHUTDOWN, consistent with the xmit paths in the same driver.

Severity

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/a0f4e4e8e0f5e24dd…
https://git.kernel.org/stable/c/35a115a204be08f97…
https://git.kernel.org/stable/c/74a02921c48fcd35a…
https://git.kernel.org/stable/c/638905520fc4fae6a…
https://git.kernel.org/stable/c/aa6c6d9ee064aabfe…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 571912c69f0ed731bd1e071ade9dc7ca4aa52065 , < a0f4e4e8e0f5e24ddd83e3d1221732621cf34636 (git) Affected: 571912c69f0ed731bd1e071ade9dc7ca4aa52065 , < 35a115a204be08f97450b0389413e218268ef4a2 (git) Affected: 571912c69f0ed731bd1e071ade9dc7ca4aa52065 , < 74a02921c48fcd35a7881956c9e5c52b86595f5d (git) Affected: 571912c69f0ed731bd1e071ade9dc7ca4aa52065 , < 638905520fc4fae6a80991563f264131545ba3df (git) Affected: 571912c69f0ed731bd1e071ade9dc7ca4aa52065 , < aa6c6d9ee064aabfede4402fd1283424e649ca19 (git)
Linux	Linux	Affected: 5.7 Unaffected: 0 , < 5.7 (semver) Unaffected: 6.6.141 , ≤ 6.6.* (semver) Unaffected: 6.12.91 , ≤ 6.12.* (semver) Unaffected: 6.18.33 , ≤ 6.18.* (semver) Unaffected: 7.0.10 , ≤ 7.0.* (semver) Unaffected: 7.1-rc2 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bareudp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a0f4e4e8e0f5e24ddd83e3d1221732621cf34636",
              "status": "affected",
              "version": "571912c69f0ed731bd1e071ade9dc7ca4aa52065",
              "versionType": "git"
            },
            {
              "lessThan": "35a115a204be08f97450b0389413e218268ef4a2",
              "status": "affected",
              "version": "571912c69f0ed731bd1e071ade9dc7ca4aa52065",
              "versionType": "git"
            },
            {
              "lessThan": "74a02921c48fcd35a7881956c9e5c52b86595f5d",
              "status": "affected",
              "version": "571912c69f0ed731bd1e071ade9dc7ca4aa52065",
              "versionType": "git"
            },
            {
              "lessThan": "638905520fc4fae6a80991563f264131545ba3df",
              "status": "affected",
              "version": "571912c69f0ed731bd1e071ade9dc7ca4aa52065",
              "versionType": "git"
            },
            {
              "lessThan": "aa6c6d9ee064aabfede4402fd1283424e649ca19",
              "status": "affected",
              "version": "571912c69f0ed731bd1e071ade9dc7ca4aa52065",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bareudp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.141",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1-rc2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.141",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.91",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.33",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.10",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1-rc2",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()\n\nbareudp_fill_metadata_dst() passes bareudp-\u003esock to\nudp_tunnel6_dst_lookup() in the IPv6 path without a NULL check.\nThe socket is only created in bareudp_open() and NULLed in\nbareudp_stop(), so calling this function while the device is down\ntriggers a NULL dereference via sock-\u003esk.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160)\n Call Trace:\n  \u003cTASK\u003e\n  bareudp_fill_metadata_dst (drivers/net/bareudp.c:532)\n  do_execute_actions (net/openvswitch/actions.c:901)\n  ovs_execute_actions (net/openvswitch/actions.c:1589)\n  ovs_packet_cmd_execute (net/openvswitch/datapath.c:700)\n  genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114)\n  genl_rcv_msg (net/netlink/genetlink.c:1209)\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n  \u003c/TASK\u003e\n\nAdd a NULL check returning -ESHUTDOWN, consistent with the xmit paths\nin the same driver."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T09:24:52.122Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a0f4e4e8e0f5e24ddd83e3d1221732621cf34636"
        },
        {
          "url": "https://git.kernel.org/stable/c/35a115a204be08f97450b0389413e218268ef4a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/74a02921c48fcd35a7881956c9e5c52b86595f5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/638905520fc4fae6a80991563f264131545ba3df"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa6c6d9ee064aabfede4402fd1283424e649ca19"
        }
      ],
      "title": "bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-45846",
    "datePublished": "2026-05-27T09:24:52.122Z",
    "dateReserved": "2026-05-13T15:03:33.078Z",
    "dateUpdated": "2026-05-27T09:24:52.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-45846",
      "date": "2026-05-28",
      "epss": "0.00018",
      "percentile": "0.05152"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-45846\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-27T11:16:24.083\",\"lastModified\":\"2026-05-27T14:48:31.480\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()\\n\\nbareudp_fill_metadata_dst() passes bareudp-\u003esock to\\nudp_tunnel6_dst_lookup() in the IPv6 path without a NULL check.\\nThe socket is only created in bareudp_open() and NULLed in\\nbareudp_stop(), so calling this function while the device is down\\ntriggers a NULL dereference via sock-\u003esk.\\n\\n BUG: kernel NULL pointer dereference, address: 0000000000000018\\n RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160)\\n Call Trace:\\n  \u003cTASK\u003e\\n  bareudp_fill_metadata_dst (drivers/net/bareudp.c:532)\\n  do_execute_actions (net/openvswitch/actions.c:901)\\n  ovs_execute_actions (net/openvswitch/actions.c:1589)\\n  ovs_packet_cmd_execute (net/openvswitch/datapath.c:700)\\n  genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114)\\n  genl_rcv_msg (net/netlink/genetlink.c:1209)\\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\\n  \u003c/TASK\u003e\\n\\nAdd a NULL check returning -ESHUTDOWN, consistent with the xmit paths\\nin the same driver.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/35a115a204be08f97450b0389413e218268ef4a2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/638905520fc4fae6a80991563f264131545ba3df\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/74a02921c48fcd35a7881956c9e5c52b86595f5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a0f4e4e8e0f5e24ddd83e3d1221732621cf34636\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/aa6c6d9ee064aabfede4402fd1283424e649ca19\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

FKIE_CVE-2026-45846

Vulnerability from fkie_nvd - Published: 2026-05-27 11:16 - Updated: 2026-05-27 14:48

Severity

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/35a115a204be08f97450b0389413e218268ef4a2
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/638905520fc4fae6a80991563f264131545ba3df
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/74a02921c48fcd35a7881956c9e5c52b86595f5d
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a0f4e4e8e0f5e24ddd83e3d1221732621cf34636
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/aa6c6d9ee064aabfede4402fd1283424e649ca19

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()\n\nbareudp_fill_metadata_dst() passes bareudp-\u003esock to\nudp_tunnel6_dst_lookup() in the IPv6 path without a NULL check.\nThe socket is only created in bareudp_open() and NULLed in\nbareudp_stop(), so calling this function while the device is down\ntriggers a NULL dereference via sock-\u003esk.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160)\n Call Trace:\n  \u003cTASK\u003e\n  bareudp_fill_metadata_dst (drivers/net/bareudp.c:532)\n  do_execute_actions (net/openvswitch/actions.c:901)\n  ovs_execute_actions (net/openvswitch/actions.c:1589)\n  ovs_packet_cmd_execute (net/openvswitch/datapath.c:700)\n  genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114)\n  genl_rcv_msg (net/netlink/genetlink.c:1209)\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n  \u003c/TASK\u003e\n\nAdd a NULL check returning -ESHUTDOWN, consistent with the xmit paths\nin the same driver."
    }
  ],
  "id": "CVE-2026-45846",
  "lastModified": "2026-05-27T14:48:31.480",
  "metrics": {},
  "published": "2026-05-27T11:16:24.083",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/35a115a204be08f97450b0389413e218268ef4a2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/638905520fc4fae6a80991563f264131545ba3df"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/74a02921c48fcd35a7881956c9e5c52b86595f5d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a0f4e4e8e0f5e24ddd83e3d1221732621cf34636"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/aa6c6d9ee064aabfede4402fd1283424e649ca19"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

GHSA-48Q6-HPWM-MQH2

Vulnerability from github – Published: 2026-05-27 12:31 – Updated: 2026-05-27 12:31

Details

In the Linux kernel, the following vulnerability has been resolved:

bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()

bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. The socket is only created in bareudp_open() and NULLed in bareudp_stop(), so calling this function while the device is down triggers a NULL dereference via sock->sk.

BUG: kernel NULL pointer dereference, address: 0000000000000018 RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160) Call Trace: bareudp_fill_metadata_dst (drivers/net/bareudp.c:532) do_execute_actions (net/openvswitch/actions.c:901) ovs_execute_actions (net/openvswitch/actions.c:1589) ovs_packet_cmd_execute (net/openvswitch/datapath.c:700) genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114) genl_rcv_msg (net/netlink/genetlink.c:1209) netlink_rcv_skb (net/netlink/af_netlink.c:2550)

Add a NULL check returning -ESHUTDOWN, consistent with the xmit paths in the same driver.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-45846"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T11:16:24Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()\n\nbareudp_fill_metadata_dst() passes bareudp-\u003esock to\nudp_tunnel6_dst_lookup() in the IPv6 path without a NULL check.\nThe socket is only created in bareudp_open() and NULLed in\nbareudp_stop(), so calling this function while the device is down\ntriggers a NULL dereference via sock-\u003esk.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n RIP: 0010:udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:160)\n Call Trace:\n  \u003cTASK\u003e\n  bareudp_fill_metadata_dst (drivers/net/bareudp.c:532)\n  do_execute_actions (net/openvswitch/actions.c:901)\n  ovs_execute_actions (net/openvswitch/actions.c:1589)\n  ovs_packet_cmd_execute (net/openvswitch/datapath.c:700)\n  genl_family_rcv_msg_doit (net/netlink/genetlink.c:1114)\n  genl_rcv_msg (net/netlink/genetlink.c:1209)\n  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n  \u003c/TASK\u003e\n\nAdd a NULL check returning -ESHUTDOWN, consistent with the xmit paths\nin the same driver.",
  "id": "GHSA-48q6-hpwm-mqh2",
  "modified": "2026-05-27T12:31:24Z",
  "published": "2026-05-27T12:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45846"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35a115a204be08f97450b0389413e218268ef4a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/638905520fc4fae6a80991563f264131545ba3df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74a02921c48fcd35a7881956c9e5c52b86595f5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0f4e4e8e0f5e24ddd83e3d1221732621cf34636"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa6c6d9ee064aabfede4402fd1283424e649ca19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

MSRC_CVE-2026-45846

Vulnerability from csaf_microsoft - Published: 2026-05-02 00:00 - Updated: 2026-05-28 01:06

Summary

bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-45846

Affected products

Under investigation 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-45846.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()",
    "tracking": {
      "current_release_date": "2026-05-28T01:06:43.000Z",
      "generator": {
        "date": "2026-05-28T07:20:09.806Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-45846",
      "initial_release_date": "2026-05-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-28T01:06:43.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45846",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "under_investigation": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-45846.json"
        }
      ],
      "title": "bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()"
    }
  ]
}

WID-SEC-W-2026-1691

Vulnerability from csaf_certbund - Published: 2026-05-26 22:00 - Updated: 2026-05-27 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Zustand oder andere Auswirkungen herbeizuführen.

Betroffene Betriebssysteme: - Linux

CVE-2026-45837

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45838

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45839

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45840

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45841

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45842

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45843

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45844

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45845

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

CVE-2026-45846

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Open Source Linux Kernel Open Source	`cpe:/o:linux:linux_kernel:-`	—

References

13 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lore.kernel.org/linux-cve-announce/	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external
https://lore.kernel.org/linux-cve-announce/202605…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Zustand oder andere Auswirkungen herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1691 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1691.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1691 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1691"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45837",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052708-CVE-2026-45837-c50b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45838",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052711-CVE-2026-45838-9c3b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45839",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052712-CVE-2026-45839-44c7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45840",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052712-CVE-2026-45840-cfc7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45841",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052712-CVE-2026-45841-9575@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45842",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052712-CVE-2026-45842-71fc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45843",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052713-CVE-2026-45843-7efb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45844",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052713-CVE-2026-45844-703b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45845",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052713-CVE-2026-45845-8dc4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-45846",
        "url": "https://lore.kernel.org/linux-cve-announce/2026052713-CVE-2026-45846-ddca@gregkh/"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-27T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-28T06:45:42.982+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1691",
      "initial_release_date": "2026-05-26T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-26T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-32172, EUVD-2026-32171, EUVD-2026-32170, EUVD-2026-32169, EUVD-2026-32168, EUVD-2026-32166, EUVD-2026-32167, EUVD-2026-32165, EUVD-2026-32164, EUVD-2026-32163"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T053276",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45837",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45837"
    },
    {
      "cve": "CVE-2026-45838",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45838"
    },
    {
      "cve": "CVE-2026-45839",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45839"
    },
    {
      "cve": "CVE-2026-45840",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45840"
    },
    {
      "cve": "CVE-2026-45841",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45841"
    },
    {
      "cve": "CVE-2026-45842",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45842"
    },
    {
      "cve": "CVE-2026-45843",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45843"
    },
    {
      "cve": "CVE-2026-45844",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45844"
    },
    {
      "cve": "CVE-2026-45845",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45845"
    },
    {
      "cve": "CVE-2026-45846",
      "product_status": {
        "known_affected": [
          "T053276"
        ]
      },
      "release_date": "2026-05-26T22:00:00.000+00:00",
      "title": "CVE-2026-45846"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-45846 (GCVE-0-2026-45846)

FKIE_CVE-2026-45846

GHSA-48Q6-HPWM-MQH2

MSRC_CVE-2026-45846

WID-SEC-W-2026-1691

Tags

Sightings

Nomenclature