What is CVE-2026-23398?

CVE-2026-23398 is a vulnerability in Linux. Published 2026-03-26.

Is CVE-2026-23398 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Linux

CVE-2026-23398

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_dereference(inet_protos[proto]) without…

EPSS: 0.000 (9.4th percentile) — read the EPSS interpretation.

Affected products

Linux — versions 8ed1dc44d3e9e8387a104b1ae8f92e9a3fbf1b1e, 3.14, 0

Public proof-of-concept exploits

zpol/cve-2026-23398-poc
JohannesLks/CVE-2026-23398

References

git.kernel.org/stable/c/571d9d7b650f02d1e38c01128817868bceac9edd
git.kernel.org/stable/c/d783fa413c702ff0f8f8bea63f862e28eeaf39e3
git.kernel.org/stable/c/1f9f2c6d4b2a613b7756fc5679c5116ba2ca0161
git.kernel.org/stable/c/b61529c357f1ee4d64836eb142a542d2e7ad67ce
git.kernel.org/stable/c/9647e99d2a617c355d2b378be0ff6d0e848fd579
git.kernel.org/stable/c/d938dd5a0ad780c891ea3bc94cae7405f11e618a
git.kernel.org/stable/c/1e4e2f5e48cec0cccaea9815fb9486c084ba41e2
git.kernel.org/stable/c/614aefe56af8e13331e50220c936fc0689cf5675

Frequently asked questions

What is CVE-2026-23398?: CVE-2026-23398 is a vulnerability in Linux. Published 2026-03-26.
Is CVE-2026-23398 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.